OpenIDC
diff --git a/‎Makefile.am‎
Lines changed: 2 additions & 0 deletions b/‎Makefile.am‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎src/handle/authz.c‎
Lines changed: 1 addition & 1 deletion b/‎src/handle/authz.c‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/handle/response.c‎
Lines changed: 6 additions & 6 deletions b/‎src/handle/response.c‎
Lines changed: 6 additions & 6 deletions
diff --git a/‎src/handle/session_management.c‎
Lines changed: 2 additions & 2 deletions b/‎src/handle/session_management.c‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎src/handle/userinfo.c‎
Lines changed: 7 additions & 7 deletions b/‎src/handle/userinfo.c‎
Lines changed: 7 additions & 7 deletions
diff --git a/‎src/metadata.c‎
Lines changed: 2 additions & 3 deletions b/‎src/metadata.c‎
Lines changed: 2 additions & 3 deletions
diff --git a/‎src/mod_auth_openidc.c‎
Lines changed: 22 additions & 21 deletions b/‎src/mod_auth_openidc.c‎
Lines changed: 22 additions & 21 deletions
diff --git a/‎src/oauth.c‎
Lines changed: 4 additions & 4 deletions b/‎src/oauth.c‎
Lines changed: 4 additions & 4 deletions
@@ -43,8 +43,10 @@ libauth_openidc_la_SOURCES = \
 	src/proto/state.c \
 	src/proto/token.c \
 	src/proto/userinfo.c \
+	src/util/appinfo.c \
 	src/util/base64.c \
 	src/util/expr.c \
+	src/util/file.c \
 	src/util/html.c \
 	src/util/jq.c \
 	src/util/json.c \
 
@@ -45,8 +45,8 @@
 #include "http_protocol.h"
 #include "metrics.h"
 #include "mod_auth_openidc.h"
-#include "util/pcre_subst.h"
 #include "proto/proto.h"
+#include "util/pcre_subst.h"
 #include "util/util.h"
 
 static apr_byte_t oidc_authz_match_json_string(request_rec *r, const char *spec, json_t *val, const char *key) {
 
@@ -59,7 +59,7 @@ static int oidc_response_redirect_parent_window_to_logout(request_rec *r, oidc_c
 					 "    <script type=\"text/javascript\">\n"
 					 "      window.top.location.href = '%s?session=logout';\n"
 					 "    </script>\n",
-					 oidc_util_javascript_escape(r->pool, oidc_util_url_redirect_uri(r, c)));
+					 oidc_util_html_javascript_escape(r->pool, oidc_util_url_redirect_uri(r, c)));
 
 	return oidc_util_html_content_prep(r, OIDC_REQUEST_STATE_KEY_HTML, "Redirecting...", java_script, NULL, NULL);
 }
@@ -159,8 +159,9 @@ apr_byte_t oidc_response_post_preserve_javascript(request_rec *r, const char *lo
 	    "      }\n"
 	    "    </script>\n",
 	    jmethod, json,
-	    location ? apr_psprintf(r->pool, "window.location='%s';\n", oidc_util_javascript_escape(r->pool, location))
-		     : "");
+	    location
+		? apr_psprintf(r->pool, "window.location='%s';\n", oidc_util_html_javascript_escape(r->pool, location))
+		: "");
 
 	if (javascript_method)
 		*javascript_method = apr_pstrdup(r->pool, jmethod);
@@ -204,7 +205,7 @@ static int oidc_response_post_preserved_restore(request_rec *r, const char *orig
 			 "        document.forms[0].submit();\n"
 			 "      }\n"
 			 "    </script>\n",
-			 method, oidc_util_javascript_escape(r->pool, original_url));
+			 method, oidc_util_html_javascript_escape(r->pool, original_url));
 
 	const char *body = "    <p>Restoring...</p>\n"
 			   "    <form method=\"post\"></form>\n";
@@ -562,8 +563,7 @@ static int oidc_response_process(request_rec *r, oidc_cfg_t *c, oidc_session_t *
 				  "invalid authorization response state; a default SSO URL is set, sending the user "
 				  "there: %s",
 				  oidc_cfg_default_sso_url_get(c));
-			oidc_http_hdr_out_location_set(r,
-						       oidc_util_url_abs(r, c, oidc_cfg_default_sso_url_get(c)));
+			oidc_http_hdr_out_location_set(r, oidc_util_url_abs(r, c, oidc_cfg_default_sso_url_get(c)));
 			OIDC_METRICS_COUNTER_INC(r, c, OM_AUTHN_RESPONSE_ERROR_STATE_MISMATCH);
 			return HTTP_MOVED_TEMPORARILY;
 		}
 
@@ -203,8 +203,8 @@ int oidc_session_management(request_rec *r, oidc_cfg_t *c, oidc_session_t *sessi
 		 *       session now?
 		 */
 		return oidc_request_authenticate_user(
-		    r, c, provider, apr_psprintf(r->pool, "%s?session=iframe_rp", oidc_util_url_redirect_uri(r, c)), NULL,
-		    id_token_hint, "none", oidc_cfg_dir_path_auth_request_params_get(r),
+		    r, c, provider, apr_psprintf(r->pool, "%s?session=iframe_rp", oidc_util_url_redirect_uri(r, c)),
+		    NULL, id_token_hint, "none", oidc_cfg_dir_path_auth_request_params_get(r),
 		    oidc_cfg_dir_path_scope_get(r));
 	}
 
 
@@ -380,8 +380,8 @@ void oidc_userinfo_pass_as(request_rec *r, oidc_cfg_t *cfg, oidc_session_t *sess
 
 		case OIDC_PASS_USERINFO_AS_JSON_OBJECT:
 			/* pass the userinfo JSON object to the app in a header or environment variable */
-			oidc_util_set_app_info(r, p->name ? p->name : OIDC_APP_INFO_USERINFO_JSON, s_claims,
-					       p->name ? "" : OIDC_DEFAULT_HEADER_PREFIX, pass_in, encoding);
+			oidc_util_appinfo_set(r, p->name ? p->name : OIDC_APP_INFO_USERINFO_JSON, s_claims,
+					      p->name ? "" : OIDC_DEFAULT_HEADER_PREFIX, pass_in, encoding);
 			break;
 
 		case OIDC_PASS_USERINFO_AS_JWT:
@@ -391,9 +391,9 @@ void oidc_userinfo_pass_as(request_rec *r, oidc_cfg_t *cfg, oidc_session_t *sess
 				if (s_userinfo_jwt != NULL) {
 					/* pass the compact serialized JWT to the app in a header or environment
 					 * variable */
-					oidc_util_set_app_info(
-					    r, p->name ? p->name : OIDC_APP_INFO_USERINFO_JWT, s_userinfo_jwt,
-					    p->name ? "" : OIDC_DEFAULT_HEADER_PREFIX, pass_in, encoding);
+					oidc_util_appinfo_set(r, p->name ? p->name : OIDC_APP_INFO_USERINFO_JWT,
+							      s_userinfo_jwt, p->name ? "" : OIDC_DEFAULT_HEADER_PREFIX,
+							      pass_in, encoding);
 				} else {
 					oidc_debug(
 					    r,
@@ -409,8 +409,8 @@ void oidc_userinfo_pass_as(request_rec *r, oidc_cfg_t *cfg, oidc_session_t *sess
 		case OIDC_PASS_USERINFO_AS_SIGNED_JWT:
 
 			if (oidc_userinfo_create_signed_jwt(r, cfg, session, s_claims, &cser) == TRUE) {
-				oidc_util_set_app_info(r, p->name ? p->name : OIDC_APP_INFO_SIGNED_JWT, cser,
-						       p->name ? "" : OIDC_DEFAULT_HEADER_PREFIX, pass_in, encoding);
+				oidc_util_appinfo_set(r, p->name ? p->name : OIDC_APP_INFO_SIGNED_JWT, cser,
+						      p->name ? "" : OIDC_DEFAULT_HEADER_PREFIX, pass_in, encoding);
 			}
 			break;
 
 
@@ -581,9 +581,8 @@ static apr_byte_t oidc_metadata_client_register(request_rec *r, oidc_cfg_t *cfg,
 				     OIDC_REDIRECT_URI_REQUEST_LOGOUT, OIDC_BACKCHANNEL_STYLE_LOGOUT_PARAM_VALUE)));
 
 	if (oidc_cfg_default_slo_url_get(cfg) != NULL) {
-		json_object_set_new(
-		    data, OIDC_METADATA_POST_LOGOUT_REDIRECT_URIS,
-		    json_pack("[s]", oidc_util_url_abs(r, cfg, oidc_cfg_default_slo_url_get(cfg))));
+		json_object_set_new(data, OIDC_METADATA_POST_LOGOUT_REDIRECT_URIS,
+				    json_pack("[s]", oidc_util_url_abs(r, cfg, oidc_cfg_default_slo_url_get(cfg))));
 	}
 
 	/* add any custom JSON in to the registration request */
 
@@ -407,8 +407,9 @@ apr_byte_t oidc_set_app_claims(request_rec *r, oidc_cfg_t *cfg, const char *s_cl
 
 	/* set the resolved claims a HTTP headers for the application */
 	if (j_claims != NULL) {
-		oidc_util_set_app_infos(r, j_claims, oidc_cfg_claim_prefix_get(cfg), oidc_cfg_claim_delimiter_get(cfg),
-					pass_in, oidc_cfg_dir_pass_info_encoding_get(r));
+		oidc_util_appinfo_set_all(r, j_claims, oidc_cfg_claim_prefix_get(cfg),
+					  oidc_cfg_claim_delimiter_get(cfg), pass_in,
+					  oidc_cfg_dir_pass_info_encoding_get(r));
 
 		/* release resources */
 		json_decref(j_claims);
@@ -613,39 +614,39 @@ apr_byte_t oidc_session_pass_tokens(request_rec *r, oidc_cfg_t *cfg, oidc_sessio
 	const char *refresh_token = oidc_session_get_refresh_token(r, session);
 	if ((oidc_cfg_dir_pass_refresh_token_get(r) != 0) && (refresh_token != NULL)) {
 		/* pass it to the app in a header or environment variable */
-		oidc_util_set_app_info(r, OIDC_APP_INFO_REFRESH_TOKEN, refresh_token, OIDC_DEFAULT_HEADER_PREFIX,
-				       pass_in, encoding);
+		oidc_util_appinfo_set(r, OIDC_APP_INFO_REFRESH_TOKEN, refresh_token, OIDC_DEFAULT_HEADER_PREFIX,
+				      pass_in, encoding);
 	}
 
 	/* set the access_token in the app headers/variables */
 	const char *access_token = oidc_session_get_access_token(r, session);
 	if ((oidc_cfg_dir_pass_access_token_get(r) != 0) && access_token != NULL) {
 		/* pass it to the app in a header or environment variable */
-		oidc_util_set_app_info(r, OIDC_APP_INFO_ACCESS_TOKEN, access_token, OIDC_DEFAULT_HEADER_PREFIX, pass_in,
-				       encoding);
+		oidc_util_appinfo_set(r, OIDC_APP_INFO_ACCESS_TOKEN, access_token, OIDC_DEFAULT_HEADER_PREFIX, pass_in,
+				      encoding);
 	}
 
 	/* set the access_token type in the app headers/variables */
 	const char *access_token_type = oidc_session_get_access_token_type(r, session);
 	if ((oidc_cfg_dir_pass_access_token_get(r) != 0) && access_token_type != NULL) {
 		/* pass it to the app in a header or environment variable */
-		oidc_util_set_app_info(r, OIDC_APP_INFO_ACCESS_TOKEN_TYPE, access_token_type,
-				       OIDC_DEFAULT_HEADER_PREFIX, pass_in, encoding);
+		oidc_util_appinfo_set(r, OIDC_APP_INFO_ACCESS_TOKEN_TYPE, access_token_type, OIDC_DEFAULT_HEADER_PREFIX,
+				      pass_in, encoding);
 	}
 
 	/* set the expiry timestamp in the app headers/variables */
 	const char *access_token_expires = oidc_session_get_access_token_expires2str(r, session);
 	if ((oidc_cfg_dir_pass_access_token_get(r) != 0) && access_token_expires != NULL) {
 		/* pass it to the app in a header or environment variable */
-		oidc_util_set_app_info(r, OIDC_APP_INFO_ACCESS_TOKEN_EXP, access_token_expires,
-				       OIDC_DEFAULT_HEADER_PREFIX, pass_in, encoding);
+		oidc_util_appinfo_set(r, OIDC_APP_INFO_ACCESS_TOKEN_EXP, access_token_expires,
+				      OIDC_DEFAULT_HEADER_PREFIX, pass_in, encoding);
 	}
 
 	/* set the scope in the app headers/variables alongside of the access token, if enabled */
 	const char *scope = oidc_session_get_scope(r, session);
 	if ((oidc_cfg_dir_pass_access_token_get(r) != 0) && scope != NULL) {
 		/* pass it to the app in a header or environment variable */
-		oidc_util_set_app_info(r, OIDC_APP_INFO_SCOPE, scope, OIDC_DEFAULT_HEADER_PREFIX, pass_in, encoding);
+		oidc_util_appinfo_set(r, OIDC_APP_INFO_SCOPE, scope, OIDC_DEFAULT_HEADER_PREFIX, pass_in, encoding);
 	}
 
 	if (extend_session) {
@@ -740,9 +741,9 @@ static int oidc_handle_existing_session(request_rec *r, oidc_cfg_t *cfg, oidc_se
 			oidc_debug(r, "dir_action_on_error_refresh: %d", oidc_cfg_dir_action_on_error_refresh_get(r));
 			OIDC_METRICS_COUNTER_INC(r, cfg, OM_SESSION_ERROR_REFRESH_ACCESS_TOKEN);
 			if (oidc_cfg_dir_action_on_error_refresh_get(r) == OIDC_ON_ERROR_LOGOUT) {
-				return oidc_logout_request(
-				    r, cfg, session, oidc_util_url_abs(r, cfg, oidc_cfg_default_slo_url_get(cfg)),
-				    FALSE);
+				return oidc_logout_request(r, cfg, session,
+							   oidc_util_url_abs(r, cfg, oidc_cfg_default_slo_url_get(cfg)),
+							   FALSE);
 			}
 			if (oidc_cfg_dir_action_on_error_refresh_get(r) == OIDC_ON_ERROR_AUTH) {
 				oidc_session_kill(r, session);
@@ -758,9 +759,9 @@ static int oidc_handle_existing_session(request_rec *r, oidc_cfg_t *cfg, oidc_se
 			oidc_debug(r, "action_on_userinfo_error: %d", oidc_cfg_action_on_userinfo_error_get(cfg));
 			OIDC_METRICS_COUNTER_INC(r, cfg, OM_SESSION_ERROR_REFRESH_USERINFO);
 			if (oidc_cfg_action_on_userinfo_error_get(cfg) == OIDC_ON_ERROR_LOGOUT) {
-				return oidc_logout_request(
-				    r, cfg, session, oidc_util_url_abs(r, cfg, oidc_cfg_default_slo_url_get(cfg)),
-				    FALSE);
+				return oidc_logout_request(r, cfg, session,
+							   oidc_util_url_abs(r, cfg, oidc_cfg_default_slo_url_get(cfg)),
+							   FALSE);
 			}
 			if (oidc_cfg_action_on_userinfo_error_get(cfg) == OIDC_ON_ERROR_AUTH) {
 				oidc_session_kill(r, session);
@@ -785,17 +786,17 @@ static int oidc_handle_existing_session(request_rec *r, oidc_cfg_t *cfg, oidc_se
 
 	if ((oidc_cfg_dir_pass_idtoken_as_get(r) & OIDC_PASS_IDTOKEN_AS_PAYLOAD)) {
 		/* pass the id_token JSON object to the app in a header or environment variable */
-		oidc_util_set_app_info(r, OIDC_APP_INFO_ID_TOKEN_PAYLOAD, s_id_token, OIDC_DEFAULT_HEADER_PREFIX,
-				       pass_in, encoding);
+		oidc_util_appinfo_set(r, OIDC_APP_INFO_ID_TOKEN_PAYLOAD, s_id_token, OIDC_DEFAULT_HEADER_PREFIX,
+				      pass_in, encoding);
 	}
 
 	if ((oidc_cfg_dir_pass_idtoken_as_get(r) & OIDC_PASS_IDTOKEN_AS_SERIALIZED)) {
 		/* get the compact serialized JWT from the session */
 		s_id_token = oidc_session_get_idtoken(r, session);
 		if (s_id_token) {
 			/* pass the compact serialized JWT to the app in a header or environment variable */
-			oidc_util_set_app_info(r, OIDC_APP_INFO_ID_TOKEN, s_id_token, OIDC_DEFAULT_HEADER_PREFIX,
-					       pass_in, encoding);
+			oidc_util_appinfo_set(r, OIDC_APP_INFO_ID_TOKEN, s_id_token, OIDC_DEFAULT_HEADER_PREFIX,
+					      pass_in, encoding);
 		} else {
 			oidc_warn(r, "id_token was not found in the session so it cannot be passed on");
 		}
 
@@ -761,13 +761,13 @@ int oidc_oauth_check_userid(request_rec *r, oidc_cfg_t *c, const char *access_to
 		oidc_http_hdr_in_set(r, authn_header, r->user);
 
 	/* set the resolved claims in the HTTP headers for the target application */
-	oidc_util_set_app_infos(r, token, oidc_cfg_claim_prefix_get(c), oidc_cfg_claim_delimiter_get(c), pass_in,
-				encoding);
+	oidc_util_appinfo_set_all(r, token, oidc_cfg_claim_prefix_get(c), oidc_cfg_claim_delimiter_get(c), pass_in,
+				  encoding);
 
 	/* set the access_token in the app headers */
 	if (access_token != NULL) {
-		oidc_util_set_app_info(r, OIDC_APP_INFO_ACCESS_TOKEN, access_token, OIDC_DEFAULT_HEADER_PREFIX, pass_in,
-				       encoding);
+		oidc_util_appinfo_set(r, OIDC_APP_INFO_ACCESS_TOKEN, access_token, OIDC_DEFAULT_HEADER_PREFIX, pass_in,
+				      encoding);
 	}
 
 	/* free JSON resources */