Add libks2 support (#133)

Author: andywolk

.gitignore

@@ -47,6 +47,10 @@ stir_shaken_test_11
 stir_shaken_test_12
 stir_shaken_test_13
 stir_shaken_test_14
+stir_shaken_test_15
+stir_shaken_test_16
+stir_shaken_test_17
+stir_shaken_test_18
 stir_shaken_test_2
 stir_shaken_test_3
 stir_shaken_test_4
@@ -71,3 +75,5 @@ util/src/.deps/
 util/src/.dirstamp
 build/stirshaken.pc
 sp_1*.pem
+debian/autoreconf.after
+debian/autoreconf.before

Makefile.am

@@ -16,7 +16,7 @@ examples = stir_shaken_as_basic stir_shaken_vs_basic stir_shaken_ca stir_shaken_
 
 bin_PROGRAMS = stirshaken $(examples)
 stirshaken_SOURCES = util/src/stir_shaken_tool_command.c util/src/stir_shaken_tool.c util/src/stir_shaken_ca.c util/src/mongoose.c
-stirshaken_CFLAGS = -Iinclude -Iutil/include -DMG_ENABLE_SSL
+stirshaken_CFLAGS = -Iinclude -Iutil/include $(KS_CFLAGS) -DMG_ENABLE_SSL
 stirshaken_LDADD = libstirshaken.la $(KS_LIBS)
 
 LIBS += $(KS_LIBS) $(CURL_LIBS) $(JWT_LIBS) -pthread
@@ -94,25 +94,25 @@ stir_shaken_test_18_CFLAGS = -Iinclude
 stir_shaken_test_18_LDADD = libstirshaken.la
 
 stir_shaken_as_basic_SOURCES = examples/stir_shaken_as_basic.c
-stir_shaken_as_basic_CFLAGS = -Iinclude
+stir_shaken_as_basic_CFLAGS = -Iinclude $(KS_CFLAGS)
 stir_shaken_as_basic_LDADD = libstirshaken.la
 
 stir_shaken_vs_basic_SOURCES = examples/stir_shaken_vs_basic.c
-stir_shaken_vs_basic_CFLAGS = -Iinclude
+stir_shaken_vs_basic_CFLAGS = -Iinclude $(KS_CFLAGS)
 stir_shaken_vs_basic_LDADD = libstirshaken.la
 
 stir_shaken_ca_SOURCES = examples/stir_shaken_ca.c util/src/stir_shaken_ca.c util/src/mongoose.c
-stir_shaken_ca_CFLAGS = -Iinclude -Iutil/include -DMG_ENABLE_SSL
+stir_shaken_ca_CFLAGS = -Iinclude -Iutil/include $(KS_CFLAGS) -DMG_ENABLE_SSL
 stir_shaken_ca_LDADD = libstirshaken.la
 
 stir_shaken_cert_req_SOURCES = examples/stir_shaken_cert_req.c
-stir_shaken_cert_req_CFLAGS = -Iinclude
+stir_shaken_cert_req_CFLAGS = -Iinclude $(KS_CFLAGS)
 stir_shaken_cert_req_LDADD = libstirshaken.la
 
 stir_shaken_as_easy_SOURCES = examples/stir_shaken_as_easy.c
-stir_shaken_as_easy_CFLAGS = -Iinclude
+stir_shaken_as_easy_CFLAGS = -Iinclude $(KS_CFLAGS)
 stir_shaken_as_easy_LDADD = libstirshaken.la
 
 stir_shaken_vs_easy_SOURCES = examples/stir_shaken_vs_easy.c
-stir_shaken_vs_easy_CFLAGS = -Iinclude
+stir_shaken_vs_easy_CFLAGS = -Iinclude $(KS_CFLAGS)
 stir_shaken_vs_easy_LDADD = libstirshaken.la

configure.ac

@@ -32,7 +32,14 @@ fi
 
 PKG_CHECK_MODULES([CURL], [libcurl >= 7.19])
 PKG_CHECK_MODULES([JWT], [libjwt >= 1.12])
-PKG_CHECK_MODULES([KS], [libks >= 1.1.0])
+
+PKG_CHECK_MODULES([KS], [libks2 >= 2.0.0],[
+  AM_CONDITIONAL([HAVE_KS],[true])],[
+  PKG_CHECK_MODULES([KS], [libks >= 1.8.2],[
+    AM_CONDITIONAL([HAVE_KS],[true])],[
+      AC_MSG_ERROR([You need to either install libks2 or libks])
+  ])
+])
 
 #  Enable clang address sanitizer bit build
 AC_ARG_ENABLE(address_sanitizer,

debian/control

@@ -2,7 +2,7 @@ Source: libstirshaken
 Section: libs
 Priority: optional
 Maintainer: FreeSWITCH Solutions <[email protected]>
-Build-Depends: debhelper (>= 9), libcurl4-openssl-dev, libjwt-dev (>= 1.12.0), libks (>= 1.6.0), libssl-dev, pkgconf, uuid-dev
+Build-Depends: debhelper (>= 9), libcurl4-openssl-dev, libjwt-dev (>= 1.12.0), libks2 (>= 2.0.0), libssl-dev, pkgconf, uuid-dev
 Standards-Version: 3.9.6
 
 Package: libstirshaken1
@@ -18,7 +18,7 @@ Description: STIR-Shaken authentication and verification library
 Package: libstirshaken-dev
 Section: libdevel
 Architecture: any
-Depends: libstirshaken1 (= ${binary:Version}), libcurl4-openssl-dev, libjwt-dev (>= 1.12.0), libks (>= 1.6.0)
+Depends: libstirshaken1 (= ${binary:Version}), libcurl4-openssl-dev, libjwt-dev (>= 1.12.0), libks2 (>= 2.0.0)
 Description: STIR-Shaken authentication and verification library
  This library provides building blocks for implementing STIR-Shaken
  authentication and verification services, (STI-SP/AS, STI-SP/VS),

src/stir_shaken_acme.c

@@ -579,6 +579,7 @@ stir_shaken_status_t stir_shaken_acme_respond_to_challenge(stir_shaken_context_t
 {
     ks_json_t *json = NULL, *auth_status = NULL, *challenges_arr = NULL;
     stir_shaken_http_req_t http_req = { 0 };
+    const char *auth_status_value = "";
 
 
     if (!data) {
@@ -617,8 +618,12 @@ stir_shaken_status_t stir_shaken_acme_respond_to_challenge(stir_shaken_context_t
         goto fail;
     }
 
-    if (strcmp("valid", ks_json_value_string(auth_status)) == 0) {
-
+#if KS_VERSION_NUM >= 20000
+    ks_json_value_string(auth_status, &auth_status_value);
+#else
+    auth_status_value = ks_json_value_string(auth_status);
+#endif
+    if (strcmp("valid", auth_status_value) == 0) {
         // Authorization completed
 
     } else {
@@ -631,8 +636,8 @@ stir_shaken_status_t stir_shaken_acme_respond_to_challenge(stir_shaken_context_t
         char *kid = NULL, *nonce = NULL;
         char *jwt_encoded = NULL;
 
-        if (strcmp("pending", ks_json_value_string(auth_status)) != 0) {
-            snprintf(err_buf, STIR_SHAKEN_BUFLEN, "ACME authorization challenge malformed, 'status' field is neither 'valid' nor 'pending' (status is: '%s')", ks_json_value_string(auth_status));
+        if (strcmp("pending", auth_status_value) != 0) {
+            snprintf(err_buf, STIR_SHAKEN_BUFLEN, "ACME authorization challenge malformed, 'status' field is neither 'valid' nor 'pending' (status is: '%s')", auth_status_value);
             stir_shaken_set_error(ss, err_buf, STIR_SHAKEN_ERROR_ACME);
             goto fail;
         }
@@ -673,7 +678,11 @@ stir_shaken_status_t stir_shaken_acme_respond_to_challenge(stir_shaken_context_t
             goto fail;
         }
 
+#if KS_VERSION_NUM >= 20000
+        ks_json_value_string(url_item, &challenge_url);
+#else
         challenge_url = ks_json_value_string(url_item);
+#endif
         if (polling_url) {
             *polling_url = strdup(challenge_url);
         }
@@ -737,6 +746,7 @@ stir_shaken_status_t stir_shaken_acme_poll(stir_shaken_context_t *ss, void *data
     ks_json_t					*json = NULL, *auth_status = NULL;
     int						t = 0;
     char err_buf[STIR_SHAKEN_ERROR_BUF_LEN] = { 0 };
+    const char *auth_status_value = "";
 
     if (!url) {
         goto fail;
@@ -795,26 +805,31 @@ stir_shaken_status_t stir_shaken_acme_poll(stir_shaken_context_t *ss, void *data
 
         // Check authorization status
         // If status is "valid" authorization is completed and can proceed to cert acquisition
-        if (strcmp("valid", ks_json_value_string(auth_status)) == 0) {
+#if KS_VERSION_NUM >= 20000
+        ks_json_value_string(auth_status, &auth_status_value);
 
+#else
+        auth_status_value = ks_json_value_string(auth_status);
+#endif
+        if (strcmp("valid", auth_status_value) == 0) {
             // Authorization completed
             status_is_valid = 1;
             fprintif(STIR_SHAKEN_LOGLEVEL_MEDIUM, "\t-> Got 'valid' polling status\n");
 
         } else {
 
-            if (strcmp("pending", ks_json_value_string(auth_status)) != 0) {
+            if (strcmp("pending", auth_status_value) != 0) {
 
-                if (0 == strcmp("failed", ks_json_value_string(auth_status))) {
+                if (0 == strcmp("failed", auth_status_value)) {
                     fprintif(STIR_SHAKEN_LOGLEVEL_MEDIUM, "\t-> Got 'failed' polling status\n");
-                    snprintf(err_buf, STIR_SHAKEN_BUFLEN, "\t-> Got 'failed' polling status (%s): ACME authorization unsuccessful\n", ks_json_value_string(auth_status));
+                    snprintf(err_buf, STIR_SHAKEN_BUFLEN, "\t-> Got 'failed' polling status (%s): ACME authorization unsuccessful\n", auth_status_value);
                     stir_shaken_set_error(ss, err_buf, STIR_SHAKEN_ERROR_ACME_AUTHZ_UNSUCCESSFUL);
                     goto fail;
                 }
 
                 fprintif(STIR_SHAKEN_LOGLEVEL_MEDIUM, "\t-> Got malformed polling status\n");
 
-                snprintf(err_buf, STIR_SHAKEN_BUFLEN, "ACME auth status malformed, 'status' field is neither 'valid' nor 'pending' nor 'failed' (status is: '%s')\n", ks_json_value_string(auth_status));
+                snprintf(err_buf, STIR_SHAKEN_BUFLEN, "ACME auth status malformed, 'status' field is neither 'valid' nor 'pending' nor 'failed' (status is: '%s')\n", auth_status_value);
                 stir_shaken_set_error(ss, err_buf, STIR_SHAKEN_ERROR_ACME);
                 goto fail;
             }
@@ -866,6 +881,7 @@ stir_shaken_status_t stir_shaken_acme_perform_authorization(stir_shaken_context_
 {
     ks_json_t *json = NULL, *auth_status = NULL, *auth_arr = NULL;
     char err_buf[STIR_SHAKEN_ERROR_BUF_LEN] = { 0 };
+    const char *auth_status_value = "";
 
 
     if (!data) {
@@ -907,8 +923,12 @@ stir_shaken_status_t stir_shaken_acme_perform_authorization(stir_shaken_context_
     fprintif(STIR_SHAKEN_LOGLEVEL_MEDIUM, "-> Processing authorization challenge...\n");
 
     // If status is "valid" authorization is completed and can proceed to cert acquisition
-    if (strcmp("valid", ks_json_value_string(auth_status)) == 0) {
-
+#if KS_VERSION_NUM >= 20000
+    ks_json_value_string(auth_status, &auth_status_value);
+#else
+    auth_status_value = ks_json_value_string(auth_status);
+#endif
+    if (strcmp("valid", auth_status_value) == 0) {
         // Authorization completed
         fprintif(STIR_SHAKEN_LOGLEVEL_MEDIUM, "-> Authorization completed\n");
 
@@ -918,8 +938,8 @@ stir_shaken_status_t stir_shaken_acme_perform_authorization(stir_shaken_context_
         const char	*auth_url = NULL;
         stir_shaken_http_req_t http_req = { 0 };
 
-        if (strcmp("pending", ks_json_value_string(auth_status)) != 0) {
-            snprintf(err_buf, STIR_SHAKEN_BUFLEN, "ACME authorization challenge malformed, 'status' field is neither 'valid' nor 'pending' (status is: '%s')", ks_json_value_string(auth_status));
+        if (strcmp("pending", auth_status_value) != 0) {
+            snprintf(err_buf, STIR_SHAKEN_BUFLEN, "ACME authorization challenge malformed, 'status' field is neither 'valid' nor 'pending' (status is: '%s')", auth_status_value);
             stir_shaken_set_error(ss, err_buf, STIR_SHAKEN_ERROR_ACME);
             goto fail;
         }
@@ -951,7 +971,11 @@ stir_shaken_status_t stir_shaken_acme_perform_authorization(stir_shaken_context_
             goto fail;
         }
 
+#if KS_VERSION_NUM >= 20000
+        ks_json_value_string(auth_item, &auth_url);
+#else
         auth_url = ks_json_value_string(auth_item);
+#endif
 
         /*
          * Performing Step 4 of 6.3.5.2 ACME Based Steps for Application for an STI Certificate [ATIS-1000080].

src/stir_shaken_passport.c

@@ -84,12 +84,15 @@ stir_shaken_status_t stir_shaken_passport_jwt_init(stir_shaken_context_t *ss, jw
 				stir_shaken_set_error(ss, "Passport can't create JSON object", STIR_SHAKEN_ERROR_KSJSON_CREATE_OBJECT_JSON_2);
 				return STIR_SHAKEN_STATUS_ERR;
 			}
-
+#if KS_VERSION_NUM >= 20000
+			ks_json_add_number_to_object(json, "iat", iat);
+#else
 			if (!ks_json_add_number_to_object(json, "iat", iat)) {
 				stir_shaken_set_error(ss, "Failed to add @iat to PASSporT", STIR_SHAKEN_ERROR_KSJSON_ADD_IAT);
 				ks_json_delete(&json);
 				return STIR_SHAKEN_STATUS_ERR;
 			}
+#endif
 
 			if (!attest) {
 				stir_shaken_set_error(ss, "Passport @attest is missing", STIR_SHAKEN_ERROR_PASSPORT_ATTEST_MISSING);
@@ -103,23 +106,31 @@ stir_shaken_status_t stir_shaken_passport_jwt_init(stir_shaken_context_t *ss, jw
 				return STIR_SHAKEN_STATUS_ERR;
 			}
 
+#if KS_VERSION_NUM >= 20000
+			ks_json_add_string_to_object(json, "attest", attest);
+#else
 			if (!ks_json_add_string_to_object(json, "attest", attest)) {
 				stir_shaken_set_error(ss, "Failed to add @attest to PASSporT", STIR_SHAKEN_ERROR_KSJSON_ADD_ATTEST);
 				ks_json_delete(&json);
 				return STIR_SHAKEN_STATUS_ERR;
 			}
+#endif
 
 			if (!origid) {
 				stir_shaken_set_error(ss, "Passport @origid is missing", STIR_SHAKEN_ERROR_PASSPORT_ORIGID_MISSING);
 				ks_json_delete(&json);
 				return STIR_SHAKEN_STATUS_ERR;
 			}
 
+#if KS_VERSION_NUM >= 20000
+			ks_json_add_string_to_object(json, "origid", origid);
+#else
 			if (!ks_json_add_string_to_object(json, "origid", origid)) {
 				stir_shaken_set_error(ss, "Failed to add @origid to PASSporT", STIR_SHAKEN_ERROR_KSJSON_ADD_ORIGID);
 				ks_json_delete(&json);
 				return STIR_SHAKEN_STATUS_ERR;
 			}
+#endif
 
 			if (!origtn_val) {
 
@@ -150,6 +161,10 @@ stir_shaken_status_t stir_shaken_passport_jwt_init(stir_shaken_context_t *ss, jw
 						return STIR_SHAKEN_STATUS_ERR;
 					}
 
+#if KS_VERSION_NUM >= 20000
+					ks_json_add_string_to_array(tn, origtn_val);
+					ks_json_add_item_to_object(orig, origtn_key, tn);
+#else
 					if (!ks_json_add_string_to_array(tn, origtn_val)) {
 						stir_shaken_set_error(ss, "Passport create json: Failed to add @orig to array", STIR_SHAKEN_ERROR_KSJSON_ADD_ORIG_TO_ARRAY);
 						ks_json_delete(&tn);
@@ -165,23 +180,30 @@ stir_shaken_status_t stir_shaken_passport_jwt_init(stir_shaken_context_t *ss, jw
 						ks_json_delete(&json);
 						return STIR_SHAKEN_STATUS_ERR;
 					}
-
+#endif
 				} else {
-
+#if KS_VERSION_NUM >= 20000
+					ks_json_add_string_to_object(orig, "tn", origtn_val);
+#else
 					if (!ks_json_add_string_to_object(orig, "tn", origtn_val)) {
 						stir_shaken_set_error(ss, "Passport create json: Failed to add @origtn", STIR_SHAKEN_ERROR_KSJSON_ADD_TN);
 						ks_json_delete(&orig);
 						ks_json_delete(&json);
 						return STIR_SHAKEN_STATUS_ERR;
 					}
+#endif
 				}
 
+#if KS_VERSION_NUM >= 20000
+				ks_json_add_item_to_object(json, "orig", orig);
+#else
 				if (!ks_json_add_item_to_object(json, "orig", orig)) {
 					stir_shaken_set_error(ss, "Passport create json: Failed to add @orig", STIR_SHAKEN_ERROR_KSJSON_ADD_ORIG);
 					ks_json_delete(&orig);
 					ks_json_delete(&json);
 					return STIR_SHAKEN_STATUS_ERR;
 				}
+#endif
 			}
 
 			if (!desttn_val) {
@@ -211,30 +233,46 @@ stir_shaken_status_t stir_shaken_passport_jwt_init(stir_shaken_context_t *ss, jw
 					return STIR_SHAKEN_STATUS_ERR;
 				}
 
+#if KS_VERSION_NUM >= 20000
+				ks_json_add_string_to_array(tn, desttn_val);
+#else
 				if (!ks_json_add_string_to_array(tn, desttn_val)) {
 						stir_shaken_set_error(ss, "Passport create json: Failed to add @desttn to array", STIR_SHAKEN_ERROR_KSJSON_ADD_DEST_TO_ARRAY);
 						ks_json_delete(&tn);
 						ks_json_delete(&dest);
 						ks_json_delete(&json);
 						return STIR_SHAKEN_STATUS_ERR;
 					}
+#endif
 
 				// If @desttn_key is NULL or empty, use "tn" form
 
+#if KS_VERSION_NUM >= 20000
+				if (stir_shaken_zstr(desttn_key)) {
+					ks_json_add_item_to_object(dest, "tn", tn);
+				} else {
+					ks_json_add_item_to_object(dest, desttn_key, tn);
+				}
+#else
 				if ((stir_shaken_zstr(desttn_key) && !ks_json_add_item_to_object(dest, "tn", tn)) || (!stir_shaken_zstr(desttn_key) && !ks_json_add_item_to_object(dest, desttn_key, tn))) {
 					stir_shaken_set_error(ss, "Passport create json: Failed to add @dest array", STIR_SHAKEN_ERROR_KSJSON_ADD_DEST_ARRAY);
 					ks_json_delete(&tn);
 					ks_json_delete(&dest);
 					ks_json_delete(&json);
 					return STIR_SHAKEN_STATUS_ERR;
 				}
+#endif
 
+#if KS_VERSION_NUM >= 20000
+				ks_json_add_item_to_object(json, "dest", dest);
+#else
 				if (!ks_json_add_item_to_object(json, "dest", dest)) {
 					stir_shaken_set_error(ss, "Passport create json: Failed to add @dest", STIR_SHAKEN_ERROR_KSJSON_ADD_DEST);
 					ks_json_delete(&dest);
 					ks_json_delete(&json);
 					return STIR_SHAKEN_STATUS_ERR;
 				}
+#endif
 			}
 
 			jstr = ks_json_print_unformatted(json);
@@ -644,9 +682,20 @@ char* stir_shaken_passport_get_identity(stir_shaken_context_t *ss, stir_shaken_p
 	}
 
 	if (ks_json_type_get(item) == KS_JSON_TYPE_STRING) {
-		id = strdup(ks_json_value_string(item));
+		const char *itemvalue = NULL;
+
+#if KS_VERSION_NUM >= 20000
+		ks_json_value_string(item, &itemvalue);
+#else
+		itemvalue = ks_json_value_string(item);
+#endif
+		id = strdup(itemvalue);
 	} else if (ks_json_type_get(item) == KS_JSON_TYPE_NUMBER) {
+#if KS_VERSION_NUM >= 20000
+		ks_json_value_number_int(item, &id_int);
+#else
 		id_int = ks_json_value_number_int(item);
+#endif
 		id = malloc(20);
 		if (!id) {
 			stir_shaken_set_error(ss, "Not enough memory", STIR_SHAKEN_ERROR_MEM_ID);