diff options
author | Martin Schanzenbach <mschanzenbach@posteo.de> | 2016-01-07 21:02:11 +0000 |
---|---|---|
committer | Martin Schanzenbach <mschanzenbach@posteo.de> | 2016-01-07 21:02:11 +0000 |
commit | 4c2b05fe49e5ee49c69337e763a3572af59e78d5 (patch) | |
tree | 0eef93b4e14e7dcd971546f69cc7eab0271da096 | |
parent | f278bb4ea15e3fec5fd426d40a460ddaf1e68f8c (diff) | |
download | gnunet-4c2b05fe49e5ee49c69337e763a3572af59e78d5.tar.gz gnunet-4c2b05fe49e5ee49c69337e763a3572af59e78d5.zip |
- Start commenting. Major refactor
-rw-r--r-- | src/identity-token/Makefile.am | 17 | ||||
-rw-r--r-- | src/identity-token/gnunet-service-identity-token.c | 48 | ||||
-rw-r--r-- | src/identity-token/identity-token.c | 269 | ||||
-rw-r--r-- | src/identity-token/identity-token.h | 190 | ||||
-rw-r--r-- | src/identity-token/plugin_rest_identity_token.c | 107 |
5 files changed, 393 insertions, 238 deletions
diff --git a/src/identity-token/Makefile.am b/src/identity-token/Makefile.am index 974de98d9..a9338ba59 100644 --- a/src/identity-token/Makefile.am +++ b/src/identity-token/Makefile.am | |||
@@ -19,10 +19,10 @@ libexecdir= $(pkglibdir)/libexec/ | |||
19 | pkgcfg_DATA = \ | 19 | pkgcfg_DATA = \ |
20 | identity-token.conf | 20 | identity-token.conf |
21 | 21 | ||
22 | if HAVE_REST | ||
23 | plugin_LTLIBRARIES = \ | 22 | plugin_LTLIBRARIES = \ |
24 | libgnunet_plugin_rest_identity_token.la | 23 | libgnunet_plugin_rest_identity_token.la |
25 | endif | 24 | lib_LTLIBRARIES = \ |
25 | libgnunetidentityprovider.la | ||
26 | 26 | ||
27 | bin_PROGRAMS = \ | 27 | bin_PROGRAMS = \ |
28 | gnunet-identity-token | 28 | gnunet-identity-token |
@@ -31,9 +31,9 @@ libexec_PROGRAMS = \ | |||
31 | gnunet-service-identity-token | 31 | gnunet-service-identity-token |
32 | 32 | ||
33 | gnunet_service_identity_token_SOURCES = \ | 33 | gnunet_service_identity_token_SOURCES = \ |
34 | gnunet-service-identity-token.c \ | 34 | gnunet-service-identity-token.c |
35 | identity-token.c | ||
36 | gnunet_service_identity_token_LDADD = \ | 35 | gnunet_service_identity_token_LDADD = \ |
36 | libgnunetidentityprovider.la \ | ||
37 | $(top_builddir)/src/gnsrecord/libgnunetgnsrecord.la \ | 37 | $(top_builddir)/src/gnsrecord/libgnunetgnsrecord.la \ |
38 | $(top_builddir)/src/util/libgnunetutil.la \ | 38 | $(top_builddir)/src/util/libgnunetutil.la \ |
39 | $(top_builddir)/src/namestore/libgnunetnamestore.la \ | 39 | $(top_builddir)/src/namestore/libgnunetnamestore.la \ |
@@ -41,9 +41,14 @@ gnunet_service_identity_token_LDADD = \ | |||
41 | $(GN_LIBINTL) \ | 41 | $(GN_LIBINTL) \ |
42 | -ljansson | 42 | -ljansson |
43 | 43 | ||
44 | libgnunetidentityprovider_la_SOURCES = \ | ||
45 | identity-token.c | ||
46 | libgnunetidentityprovider_la_LIBADD = \ | ||
47 | $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) \ | ||
48 | $(LTLIBINTL) -ljansson | ||
49 | |||
44 | libgnunet_plugin_rest_identity_token_la_SOURCES = \ | 50 | libgnunet_plugin_rest_identity_token_la_SOURCES = \ |
45 | plugin_rest_identity_token.c \ | 51 | plugin_rest_identity_token.c |
46 | identity-token.c | ||
47 | libgnunet_plugin_rest_identity_token_la_LIBADD = \ | 52 | libgnunet_plugin_rest_identity_token_la_LIBADD = \ |
48 | $(top_builddir)/src/identity/libgnunetidentity.la \ | 53 | $(top_builddir)/src/identity/libgnunetidentity.la \ |
49 | $(top_builddir)/src/rest/libgnunetrest.la \ | 54 | $(top_builddir)/src/rest/libgnunetrest.la \ |
diff --git a/src/identity-token/gnunet-service-identity-token.c b/src/identity-token/gnunet-service-identity-token.c index 00fc25852..039d1c7e0 100644 --- a/src/identity-token/gnunet-service-identity-token.c +++ b/src/identity-token/gnunet-service-identity-token.c | |||
@@ -30,7 +30,7 @@ | |||
30 | #include "gnunet_namestore_service.h" | 30 | #include "gnunet_namestore_service.h" |
31 | #include <jansson.h> | 31 | #include <jansson.h> |
32 | #include "gnunet_signatures.h" | 32 | #include "gnunet_signatures.h" |
33 | #include "identity-token.h" | 33 | #include "gnunet_identity_provider_lib.h" |
34 | 34 | ||
35 | /** | 35 | /** |
36 | * First pass state | 36 | * First pass state |
@@ -102,7 +102,7 @@ static struct GNUNET_TIME_Relative min_rel_exp; | |||
102 | /** | 102 | /** |
103 | * Currently processed token | 103 | * Currently processed token |
104 | */ | 104 | */ |
105 | static struct IdentityToken *token; | 105 | static struct GNUNET_IDENTITY_PROVIDER_Token *token; |
106 | 106 | ||
107 | /** | 107 | /** |
108 | * Label for currently processed token | 108 | * Label for currently processed token |
@@ -201,9 +201,8 @@ handle_token_update (void *cls, | |||
201 | char *write_ptr; | 201 | char *write_ptr; |
202 | char *enc_token_str; | 202 | char *enc_token_str; |
203 | const char *key; | 203 | const char *key; |
204 | const char *iss; | ||
205 | const char *aud; | ||
206 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key; | 204 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key; |
205 | struct GNUNET_CRYPTO_EcdsaPublicKey pub_key; | ||
207 | struct GNUNET_CRYPTO_EcdhePrivateKey *new_ecdhe_privkey; | 206 | struct GNUNET_CRYPTO_EcdhePrivateKey *new_ecdhe_privkey; |
208 | struct EgoEntry *ego_entry = cls; | 207 | struct EgoEntry *ego_entry = cls; |
209 | struct GNUNET_GNSRECORD_Data token_record[2]; | 208 | struct GNUNET_GNSRECORD_Data token_record[2]; |
@@ -215,7 +214,7 @@ handle_token_update (void *cls, | |||
215 | struct GNUNET_TIME_Absolute new_exp; | 214 | struct GNUNET_TIME_Absolute new_exp; |
216 | struct GNUNET_TIME_Absolute new_iat; | 215 | struct GNUNET_TIME_Absolute new_iat; |
217 | struct GNUNET_TIME_Absolute new_nbf; | 216 | struct GNUNET_TIME_Absolute new_nbf; |
218 | struct IdentityToken *new_token; | 217 | struct GNUNET_IDENTITY_PROVIDER_Token *new_token; |
219 | json_t *payload_json; | 218 | json_t *payload_json; |
220 | json_t *value; | 219 | json_t *value; |
221 | json_t *cur_value; | 220 | json_t *cur_value; |
@@ -224,6 +223,8 @@ handle_token_update (void *cls, | |||
224 | size_t token_metadata_len; | 223 | size_t token_metadata_len; |
225 | 224 | ||
226 | priv_key = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego); | 225 | priv_key = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego); |
226 | GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, | ||
227 | &pub_key); | ||
227 | 228 | ||
228 | //Note: We need the token expiration time here. Not the record expiration | 229 | //Note: We need the token expiration time here. Not the record expiration |
229 | //time. | 230 | //time. |
@@ -262,9 +263,8 @@ handle_token_update (void *cls, | |||
262 | } | 263 | } |
263 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 264 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
264 | "Token is expired. Create a new one\n"); | 265 | "Token is expired. Create a new one\n"); |
265 | iss = json_string_value (json_object_get (payload_json, "iss")); | 266 | new_token = GNUNET_IDENTITY_PROVIDER_token_create (&pub_key, |
266 | aud = json_string_value (json_object_get (payload_json, "aud")); | 267 | &token->aud_key); |
267 | new_token = identity_token_create (iss, aud); | ||
268 | new_exp = GNUNET_TIME_relative_to_absolute (token_rel_exp); | 268 | new_exp = GNUNET_TIME_relative_to_absolute (token_rel_exp); |
269 | new_nbf = GNUNET_TIME_absolute_get (); | 269 | new_nbf = GNUNET_TIME_absolute_get (); |
270 | new_iat = new_nbf; | 270 | new_iat = new_nbf; |
@@ -272,15 +272,15 @@ handle_token_update (void *cls, | |||
272 | json_object_foreach(payload_json, key, value) { | 272 | json_object_foreach(payload_json, key, value) { |
273 | if (0 == strcmp (key, "exp")) | 273 | if (0 == strcmp (key, "exp")) |
274 | { | 274 | { |
275 | identity_token_add_json (new_token, key, json_integer (new_exp.abs_value_us)); | 275 | GNUNET_IDENTITY_PROVIDER_token_add_json (new_token, key, json_integer (new_exp.abs_value_us)); |
276 | } | 276 | } |
277 | else if (0 == strcmp (key, "nbf")) | 277 | else if (0 == strcmp (key, "nbf")) |
278 | { | 278 | { |
279 | identity_token_add_json (new_token, key, json_integer (new_nbf.abs_value_us)); | 279 | GNUNET_IDENTITY_PROVIDER_token_add_json (new_token, key, json_integer (new_nbf.abs_value_us)); |
280 | } | 280 | } |
281 | else if (0 == strcmp (key, "iat")) | 281 | else if (0 == strcmp (key, "iat")) |
282 | { | 282 | { |
283 | identity_token_add_json (new_token, key, json_integer (new_iat.abs_value_us)); | 283 | GNUNET_IDENTITY_PROVIDER_token_add_json (new_token, key, json_integer (new_iat.abs_value_us)); |
284 | } | 284 | } |
285 | else if ((0 == strcmp (key, "iss")) | 285 | else if ((0 == strcmp (key, "iss")) |
286 | || (0 == strcmp (key, "aud"))) | 286 | || (0 == strcmp (key, "aud"))) |
@@ -290,7 +290,7 @@ handle_token_update (void *cls, | |||
290 | else if ((0 == strcmp (key, "sub")) | 290 | else if ((0 == strcmp (key, "sub")) |
291 | || (0 == strcmp (key, "rnl"))) | 291 | || (0 == strcmp (key, "rnl"))) |
292 | { | 292 | { |
293 | identity_token_add_json (new_token, key, value); | 293 | GNUNET_IDENTITY_PROVIDER_token_add_json (new_token, key, value); |
294 | } | 294 | } |
295 | else { | 295 | else { |
296 | GNUNET_CRYPTO_hash (key, | 296 | GNUNET_CRYPTO_hash (key, |
@@ -302,16 +302,16 @@ handle_token_update (void *cls, | |||
302 | { | 302 | { |
303 | cur_value = GNUNET_CONTAINER_multihashmap_get (ego_entry->attr_map, | 303 | cur_value = GNUNET_CONTAINER_multihashmap_get (ego_entry->attr_map, |
304 | &key_hash); | 304 | &key_hash); |
305 | identity_token_add_json (new_token, key, cur_value); | 305 | GNUNET_IDENTITY_PROVIDER_token_add_json (new_token, key, cur_value); |
306 | } | 306 | } |
307 | } | 307 | } |
308 | } | 308 | } |
309 | 309 | ||
310 | // reassemble and set | 310 | // reassemble and set |
311 | GNUNET_assert (identity_token_serialize (new_token, | 311 | GNUNET_assert (GNUNET_IDENTITY_PROVIDER_token_serialize (new_token, |
312 | priv_key, | 312 | priv_key, |
313 | &new_ecdhe_privkey, | 313 | &new_ecdhe_privkey, |
314 | &enc_token_str)); | 314 | &enc_token_str)); |
315 | 315 | ||
316 | json_decref (payload_json); | 316 | json_decref (payload_json); |
317 | 317 | ||
@@ -347,10 +347,10 @@ handle_token_update (void *cls, | |||
347 | &store_token_cont, | 347 | &store_token_cont, |
348 | ego_entry); | 348 | ego_entry); |
349 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, ">>> Updating Token w/ %s\n", new_token); | 349 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, ">>> Updating Token w/ %s\n", new_token); |
350 | identity_token_destroy (new_token); | 350 | GNUNET_IDENTITY_PROVIDER_token_destroy (new_token); |
351 | GNUNET_IDENTITY_PROVIDER_token_destroy (token); | ||
351 | GNUNET_free (new_ecdhe_privkey); | 352 | GNUNET_free (new_ecdhe_privkey); |
352 | GNUNET_free (enc_token_str); | 353 | GNUNET_free (enc_token_str); |
353 | GNUNET_free (token); | ||
354 | token = NULL; | 354 | token = NULL; |
355 | GNUNET_free (label); | 355 | GNUNET_free (label); |
356 | label = NULL; | 356 | label = NULL; |
@@ -438,16 +438,16 @@ token_collect (void *cls, | |||
438 | } | 438 | } |
439 | GNUNET_assert (token_metadata_record->record_type == GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA); | 439 | GNUNET_assert (token_metadata_record->record_type == GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA); |
440 | GNUNET_assert (token_record->record_type == GNUNET_GNSRECORD_TYPE_ID_TOKEN); | 440 | GNUNET_assert (token_record->record_type == GNUNET_GNSRECORD_TYPE_ID_TOKEN); |
441 | 441 | ||
442 | //Get metadata and decrypt token | 442 | //Get metadata and decrypt token |
443 | ecdhe_privkey = *((struct GNUNET_CRYPTO_EcdhePrivateKey *)token_metadata_record->data); | 443 | ecdhe_privkey = *((struct GNUNET_CRYPTO_EcdhePrivateKey *)token_metadata_record->data); |
444 | aud_key = (struct GNUNET_CRYPTO_EcdsaPublicKey *)&ecdhe_privkey+sizeof(struct GNUNET_CRYPTO_EcdhePrivateKey); | 444 | aud_key = (struct GNUNET_CRYPTO_EcdsaPublicKey *)&ecdhe_privkey+sizeof(struct GNUNET_CRYPTO_EcdhePrivateKey); |
445 | scopes = GNUNET_strdup ((char*) aud_key+sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); | 445 | scopes = GNUNET_strdup ((char*) aud_key+sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); |
446 | 446 | ||
447 | identity_token_parse2 (token_record->data, | 447 | GNUNET_IDENTITY_PROVIDER_token_parse2 (token_record->data, |
448 | &ecdhe_privkey, | 448 | &ecdhe_privkey, |
449 | aud_key, | 449 | aud_key, |
450 | &token); | 450 | &token); |
451 | 451 | ||
452 | //token = GNUNET_GNSRECORD_value_to_string (rd->record_type, | 452 | //token = GNUNET_GNSRECORD_value_to_string (rd->record_type, |
453 | // rd->data, | 453 | // rd->data, |
diff --git a/src/identity-token/identity-token.c b/src/identity-token/identity-token.c index dc0154c21..a9f210b14 100644 --- a/src/identity-token/identity-token.c +++ b/src/identity-token/identity-token.c | |||
@@ -26,7 +26,7 @@ | |||
26 | #include "platform.h" | 26 | #include "platform.h" |
27 | #include "gnunet_util_lib.h" | 27 | #include "gnunet_util_lib.h" |
28 | #include "gnunet_signatures.h" | 28 | #include "gnunet_signatures.h" |
29 | #include "identity-token.h" | 29 | #include "gnunet_identity_provider_lib.h" |
30 | #include <jansson.h> | 30 | #include <jansson.h> |
31 | 31 | ||
32 | 32 | ||
@@ -189,13 +189,22 @@ encrypt_str_ecdhe (const char *plaintext, | |||
189 | * @param id the JSON API resource id | 189 | * @param id the JSON API resource id |
190 | * @return a new JSON API resource or NULL on error. | 190 | * @return a new JSON API resource or NULL on error. |
191 | */ | 191 | */ |
192 | struct IdentityToken* | 192 | struct GNUNET_IDENTITY_PROVIDER_Token* |
193 | identity_token_create (const char* issuer, | 193 | GNUNET_IDENTITY_PROVIDER_token_create (const struct GNUNET_CRYPTO_EcdsaPublicKey* iss, |
194 | const char* audience) | 194 | const struct GNUNET_CRYPTO_EcdsaPublicKey* aud) |
195 | { | 195 | { |
196 | struct IdentityToken *token; | 196 | struct GNUNET_IDENTITY_PROVIDER_Token *token; |
197 | char* audience; | ||
198 | char* issuer; | ||
197 | 199 | ||
198 | token = GNUNET_malloc (sizeof (struct IdentityToken)); | 200 | issuer = GNUNET_STRINGS_data_to_string_alloc (iss, |
201 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); | ||
202 | audience = GNUNET_STRINGS_data_to_string_alloc (aud, | ||
203 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); | ||
204 | |||
205 | |||
206 | |||
207 | token = GNUNET_malloc (sizeof (struct GNUNET_IDENTITY_PROVIDER_Token)); | ||
199 | 208 | ||
200 | token->header = json_object(); | 209 | token->header = json_object(); |
201 | token->payload = json_object(); | 210 | token->payload = json_object(); |
@@ -206,16 +215,14 @@ identity_token_create (const char* issuer, | |||
206 | json_object_set_new (token->payload, "iss", json_string (issuer)); | 215 | json_object_set_new (token->payload, "iss", json_string (issuer)); |
207 | json_object_set_new (token->payload, "aud", json_string (audience)); | 216 | json_object_set_new (token->payload, "aud", json_string (audience)); |
208 | 217 | ||
209 | GNUNET_STRINGS_string_to_data (audience, | 218 | token->aud_key = *aud; |
210 | strlen (audience), | 219 | GNUNET_free (issuer); |
211 | &token->aud_key, | 220 | GNUNET_free (audience); |
212 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); | ||
213 | |||
214 | return token; | 221 | return token; |
215 | } | 222 | } |
216 | 223 | ||
217 | void | 224 | void |
218 | identity_token_destroy (struct IdentityToken *token) | 225 | GNUNET_IDENTITY_PROVIDER_token_destroy (struct GNUNET_IDENTITY_PROVIDER_Token *token) |
219 | { | 226 | { |
220 | json_decref (token->header); | 227 | json_decref (token->header); |
221 | json_decref (token->payload); | 228 | json_decref (token->payload); |
@@ -223,9 +230,9 @@ identity_token_destroy (struct IdentityToken *token) | |||
223 | } | 230 | } |
224 | 231 | ||
225 | void | 232 | void |
226 | identity_token_add_attr (const struct IdentityToken *token, | 233 | GNUNET_IDENTITY_PROVIDER_token_add_attr (const struct GNUNET_IDENTITY_PROVIDER_Token *token, |
227 | const char* key, | 234 | const char* key, |
228 | const char* value) | 235 | const char* value) |
229 | { | 236 | { |
230 | GNUNET_assert (NULL != token); | 237 | GNUNET_assert (NULL != token); |
231 | GNUNET_assert (NULL != token->payload); | 238 | GNUNET_assert (NULL != token->payload); |
@@ -234,9 +241,9 @@ identity_token_add_attr (const struct IdentityToken *token, | |||
234 | } | 241 | } |
235 | 242 | ||
236 | void | 243 | void |
237 | identity_token_add_json (const struct IdentityToken *token, | 244 | GNUNET_IDENTITY_PROVIDER_token_add_json (const struct GNUNET_IDENTITY_PROVIDER_Token *token, |
238 | const char* key, | 245 | const char* key, |
239 | json_t* value) | 246 | json_t* value) |
240 | { | 247 | { |
241 | GNUNET_assert (NULL != token); | 248 | GNUNET_assert (NULL != token); |
242 | GNUNET_assert (NULL != token->payload); | 249 | GNUNET_assert (NULL != token->payload); |
@@ -246,10 +253,10 @@ identity_token_add_json (const struct IdentityToken *token, | |||
246 | 253 | ||
247 | 254 | ||
248 | int | 255 | int |
249 | identity_token_parse2 (const char* raw_data, | 256 | GNUNET_IDENTITY_PROVIDER_token_parse2 (const char* raw_data, |
250 | const struct GNUNET_CRYPTO_EcdhePrivateKey *priv_key, | 257 | const struct GNUNET_CRYPTO_EcdhePrivateKey *priv_key, |
251 | const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, | 258 | const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, |
252 | struct IdentityToken **result) | 259 | struct GNUNET_IDENTITY_PROVIDER_Token **result) |
253 | { | 260 | { |
254 | char *enc_token_str; | 261 | char *enc_token_str; |
255 | char *tmp_buf; | 262 | char *tmp_buf; |
@@ -292,7 +299,7 @@ identity_token_parse2 (const char* raw_data, | |||
292 | //TODO signature | 299 | //TODO signature |
293 | 300 | ||
294 | 301 | ||
295 | *result = GNUNET_malloc (sizeof (struct IdentityToken)); | 302 | *result = GNUNET_malloc (sizeof (struct GNUNET_IDENTITY_PROVIDER_Token)); |
296 | (*result)->aud_key = *aud_key; | 303 | (*result)->aud_key = *aud_key; |
297 | (*result)->header = json_loads (header, JSON_DECODE_ANY, &err_json); | 304 | (*result)->header = json_loads (header, JSON_DECODE_ANY, &err_json); |
298 | (*result)->payload = json_loads (payload, JSON_DECODE_ANY, &err_json); | 305 | (*result)->payload = json_loads (payload, JSON_DECODE_ANY, &err_json); |
@@ -305,9 +312,9 @@ identity_token_parse2 (const char* raw_data, | |||
305 | } | 312 | } |
306 | 313 | ||
307 | int | 314 | int |
308 | identity_token_parse (const char* raw_data, | 315 | GNUNET_IDENTITY_PROVIDER_token_parse (const char* raw_data, |
309 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, | 316 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, |
310 | struct IdentityToken **result) | 317 | struct GNUNET_IDENTITY_PROVIDER_Token **result) |
311 | { | 318 | { |
312 | char *ecdh_pubkey_str; | 319 | char *ecdh_pubkey_str; |
313 | char *enc_token_str; | 320 | char *enc_token_str; |
@@ -356,7 +363,7 @@ identity_token_parse (const char* raw_data, | |||
356 | //TODO signature and aud key | 363 | //TODO signature and aud key |
357 | 364 | ||
358 | 365 | ||
359 | *result = GNUNET_malloc (sizeof (struct IdentityToken)); | 366 | *result = GNUNET_malloc (sizeof (struct GNUNET_IDENTITY_PROVIDER_Token)); |
360 | (*result)->header = json_loads (header, JSON_DECODE_ANY, &err_json); | 367 | (*result)->header = json_loads (header, JSON_DECODE_ANY, &err_json); |
361 | (*result)->payload = json_loads (payload, JSON_DECODE_ANY, &err_json); | 368 | (*result)->payload = json_loads (payload, JSON_DECODE_ANY, &err_json); |
362 | GNUNET_free (enc_token); | 369 | GNUNET_free (enc_token); |
@@ -368,9 +375,9 @@ identity_token_parse (const char* raw_data, | |||
368 | } | 375 | } |
369 | 376 | ||
370 | int | 377 | int |
371 | identity_token_to_string (const struct IdentityToken *token, | 378 | GNUNET_IDENTITY_PROVIDER_token_to_string (const struct GNUNET_IDENTITY_PROVIDER_Token *token, |
372 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, | 379 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, |
373 | char **result) | 380 | char **result) |
374 | { | 381 | { |
375 | char *payload_str; | 382 | char *payload_str; |
376 | char *header_str; | 383 | char *header_str; |
@@ -436,10 +443,10 @@ identity_token_to_string (const struct IdentityToken *token, | |||
436 | } | 443 | } |
437 | 444 | ||
438 | int | 445 | int |
439 | identity_token_serialize (const struct IdentityToken *token, | 446 | GNUNET_IDENTITY_PROVIDER_token_serialize (const struct GNUNET_IDENTITY_PROVIDER_Token *token, |
440 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, | 447 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, |
441 | struct GNUNET_CRYPTO_EcdhePrivateKey **ecdh_privkey, | 448 | struct GNUNET_CRYPTO_EcdhePrivateKey **ecdh_privkey, |
442 | char **result) | 449 | char **result) |
443 | { | 450 | { |
444 | char *token_str; | 451 | char *token_str; |
445 | char *enc_token; | 452 | char *enc_token; |
@@ -447,9 +454,9 @@ identity_token_serialize (const struct IdentityToken *token, | |||
447 | char *enc_token_base64; | 454 | char *enc_token_base64; |
448 | struct GNUNET_CRYPTO_EcdhePublicKey ecdh_pubkey; | 455 | struct GNUNET_CRYPTO_EcdhePublicKey ecdh_pubkey; |
449 | 456 | ||
450 | GNUNET_assert (GNUNET_OK == identity_token_to_string (token, | 457 | GNUNET_assert (GNUNET_OK == GNUNET_IDENTITY_PROVIDER_token_to_string (token, |
451 | priv_key, | 458 | priv_key, |
452 | &token_str)); | 459 | &token_str)); |
453 | 460 | ||
454 | GNUNET_assert (GNUNET_OK == encrypt_str_ecdhe (token_str, | 461 | GNUNET_assert (GNUNET_OK == encrypt_str_ecdhe (token_str, |
455 | &token->aud_key, | 462 | &token->aud_key, |
@@ -469,14 +476,14 @@ identity_token_serialize (const struct IdentityToken *token, | |||
469 | return GNUNET_OK; | 476 | return GNUNET_OK; |
470 | } | 477 | } |
471 | 478 | ||
472 | struct IdentityTokenCodePayload* | 479 | struct GNUNET_IDENTITY_PROVIDER_TokenTicketPayload* |
473 | identity_token_code_payload_create (const char* nonce, | 480 | GNUNET_IDENTITY_PROVIDER_ticket_payload_create (const char* nonce, |
474 | const struct GNUNET_CRYPTO_EcdsaPublicKey* identity_pkey, | 481 | const struct GNUNET_CRYPTO_EcdsaPublicKey* identity_pkey, |
475 | const char* lbl_str) | 482 | const char* lbl_str) |
476 | { | 483 | { |
477 | struct IdentityTokenCodePayload* payload; | 484 | struct GNUNET_IDENTITY_PROVIDER_TokenTicketPayload* payload; |
478 | 485 | ||
479 | payload = GNUNET_malloc (sizeof (struct IdentityTokenCodePayload)); | 486 | payload = GNUNET_malloc (sizeof (struct GNUNET_IDENTITY_PROVIDER_TokenTicketPayload)); |
480 | GNUNET_asprintf (&payload->nonce, nonce, strlen (nonce)); | 487 | GNUNET_asprintf (&payload->nonce, nonce, strlen (nonce)); |
481 | payload->identity_key = *identity_pkey; | 488 | payload->identity_key = *identity_pkey; |
482 | GNUNET_asprintf (&payload->label, lbl_str, strlen (lbl_str)); | 489 | GNUNET_asprintf (&payload->label, lbl_str, strlen (lbl_str)); |
@@ -484,7 +491,7 @@ identity_token_code_payload_create (const char* nonce, | |||
484 | } | 491 | } |
485 | 492 | ||
486 | void | 493 | void |
487 | identity_token_code_payload_destroy (struct IdentityTokenCodePayload* payload) | 494 | GNUNET_IDENTITY_PROVIDER_ticket_payload_destroy (struct GNUNET_IDENTITY_PROVIDER_TokenTicketPayload* payload) |
488 | { | 495 | { |
489 | GNUNET_free (payload->nonce); | 496 | GNUNET_free (payload->nonce); |
490 | GNUNET_free (payload->label); | 497 | GNUNET_free (payload->label); |
@@ -492,8 +499,8 @@ identity_token_code_payload_destroy (struct IdentityTokenCodePayload* payload) | |||
492 | } | 499 | } |
493 | 500 | ||
494 | void | 501 | void |
495 | identity_token_code_payload_serialize (struct IdentityTokenCodePayload *payload, | 502 | GNUNET_IDENTITY_PROVIDER_ticket_payload_serialize (struct GNUNET_IDENTITY_PROVIDER_TokenTicketPayload *payload, |
496 | char **result) | 503 | char **result) |
497 | { | 504 | { |
498 | char* identity_key_str; | 505 | char* identity_key_str; |
499 | 506 | ||
@@ -512,60 +519,60 @@ identity_token_code_payload_serialize (struct IdentityTokenCodePayload *payload, | |||
512 | * Create the token code | 519 | * Create the token code |
513 | * The metadata is encrypted with a share ECDH derived secret using B (aud_key) | 520 | * The metadata is encrypted with a share ECDH derived secret using B (aud_key) |
514 | * and e (ecdh_privkey) | 521 | * and e (ecdh_privkey) |
515 | * The token_code also contains E (ecdh_pubkey) and a signature over the | 522 | * The ticket also contains E (ecdh_pubkey) and a signature over the |
516 | * metadata and E | 523 | * metadata and E |
517 | */ | 524 | */ |
518 | struct IdentityTokenCode* | 525 | struct GNUNET_IDENTITY_PROVIDER_TokenTicket* |
519 | identity_token_code_create (const char* nonce_str, | 526 | GNUNET_IDENTITY_PROVIDER_ticket_create (const char* nonce_str, |
520 | const struct GNUNET_CRYPTO_EcdsaPublicKey* identity_pkey, | 527 | const struct GNUNET_CRYPTO_EcdsaPublicKey* identity_pkey, |
521 | const char* lbl_str, | 528 | const char* lbl_str, |
522 | const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key) | 529 | const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key) |
523 | { | 530 | { |
524 | struct IdentityTokenCode *token_code; | 531 | struct GNUNET_IDENTITY_PROVIDER_TokenTicket *ticket; |
525 | struct IdentityTokenCodePayload *code_payload; | 532 | struct GNUNET_IDENTITY_PROVIDER_TokenTicketPayload *code_payload; |
526 | 533 | ||
527 | token_code = GNUNET_malloc (sizeof (struct IdentityTokenCode)); | 534 | ticket = GNUNET_malloc (sizeof (struct GNUNET_IDENTITY_PROVIDER_TokenTicket)); |
528 | code_payload = identity_token_code_payload_create (nonce_str, | 535 | code_payload = GNUNET_IDENTITY_PROVIDER_ticket_payload_create (nonce_str, |
529 | identity_pkey, | 536 | identity_pkey, |
530 | lbl_str); | 537 | lbl_str); |
531 | token_code->aud_key = *aud_key; | 538 | ticket->aud_key = *aud_key; |
532 | token_code->payload = code_payload; | 539 | ticket->payload = code_payload; |
533 | 540 | ||
534 | 541 | ||
535 | return token_code; | 542 | return ticket; |
536 | } | 543 | } |
537 | 544 | ||
538 | void | 545 | void |
539 | identity_token_code_destroy (struct IdentityTokenCode *token_code) | 546 | GNUNET_IDENTITY_PROVIDER_ticket_destroy (struct GNUNET_IDENTITY_PROVIDER_TokenTicket *ticket) |
540 | { | 547 | { |
541 | identity_token_code_payload_destroy (token_code->payload); | 548 | GNUNET_IDENTITY_PROVIDER_ticket_payload_destroy (ticket->payload); |
542 | GNUNET_free (token_code); | 549 | GNUNET_free (ticket); |
543 | } | 550 | } |
544 | 551 | ||
545 | int | 552 | int |
546 | identity_token_code_serialize (struct IdentityTokenCode *identity_token_code, | 553 | GNUNET_IDENTITY_PROVIDER_ticket_serialize (struct GNUNET_IDENTITY_PROVIDER_TokenTicket *ticket, |
547 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, | 554 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, |
548 | char **result) | 555 | char **result) |
549 | { | 556 | { |
550 | char *code_payload_str; | 557 | char *code_payload_str; |
551 | char *enc_token_code_payload; | 558 | char *enc_ticket_payload; |
552 | char *token_code_payload_str; | 559 | char *ticket_payload_str; |
553 | char *token_code_sig_str; | 560 | char *ticket_sig_str; |
554 | char *token_code_str; | 561 | char *ticket_str; |
555 | char *dh_key_str; | 562 | char *dh_key_str; |
556 | char *write_ptr; | 563 | char *write_ptr; |
557 | struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey; | 564 | struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey; |
558 | 565 | ||
559 | struct GNUNET_CRYPTO_EccSignaturePurpose *purpose; | 566 | struct GNUNET_CRYPTO_EccSignaturePurpose *purpose; |
560 | 567 | ||
561 | identity_token_code_payload_serialize (identity_token_code->payload, | 568 | GNUNET_IDENTITY_PROVIDER_ticket_payload_serialize (ticket->payload, |
562 | &code_payload_str); | 569 | &code_payload_str); |
563 | 570 | ||
564 | GNUNET_assert (GNUNET_OK == encrypt_str_ecdhe (code_payload_str, | 571 | GNUNET_assert (GNUNET_OK == encrypt_str_ecdhe (code_payload_str, |
565 | &identity_token_code->aud_key, | 572 | &ticket->aud_key, |
566 | &enc_token_code_payload, | 573 | &enc_ticket_payload, |
567 | &ecdhe_privkey, | 574 | &ecdhe_privkey, |
568 | &identity_token_code->ecdh_pubkey)); | 575 | &ticket->ecdh_pubkey)); |
569 | 576 | ||
570 | GNUNET_free (ecdhe_privkey); | 577 | GNUNET_free (ecdhe_privkey); |
571 | 578 | ||
@@ -577,44 +584,44 @@ identity_token_code_serialize (struct IdentityTokenCode *identity_token_code, | |||
577 | htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + | 584 | htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + |
578 | sizeof (struct GNUNET_CRYPTO_EcdhePublicKey) + | 585 | sizeof (struct GNUNET_CRYPTO_EcdhePublicKey) + |
579 | strlen (code_payload_str)); | 586 | strlen (code_payload_str)); |
580 | purpose->purpose = htonl(GNUNET_SIGNATURE_PURPOSE_GNUID_TOKEN_CODE); | 587 | purpose->purpose = htonl(GNUNET_SIGNATURE_PURPOSE_GNUID_TICKET); |
581 | write_ptr = (char*) &purpose[1]; | 588 | write_ptr = (char*) &purpose[1]; |
582 | memcpy (write_ptr, | 589 | memcpy (write_ptr, |
583 | &identity_token_code->ecdh_pubkey, | 590 | &ticket->ecdh_pubkey, |
584 | sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); | 591 | sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); |
585 | write_ptr += sizeof (struct GNUNET_CRYPTO_EcdhePublicKey); | 592 | write_ptr += sizeof (struct GNUNET_CRYPTO_EcdhePublicKey); |
586 | memcpy (write_ptr, enc_token_code_payload, strlen (code_payload_str)); | 593 | memcpy (write_ptr, enc_ticket_payload, strlen (code_payload_str)); |
587 | GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_ecdsa_sign (priv_key, | 594 | GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_ecdsa_sign (priv_key, |
588 | purpose, | 595 | purpose, |
589 | &identity_token_code->signature)); | 596 | &ticket->signature)); |
590 | GNUNET_STRINGS_base64_encode (enc_token_code_payload, | 597 | GNUNET_STRINGS_base64_encode (enc_ticket_payload, |
591 | strlen (code_payload_str), | 598 | strlen (code_payload_str), |
592 | &token_code_payload_str); | 599 | &ticket_payload_str); |
593 | token_code_sig_str = GNUNET_STRINGS_data_to_string_alloc (&identity_token_code->signature, | 600 | ticket_sig_str = GNUNET_STRINGS_data_to_string_alloc (&ticket->signature, |
594 | sizeof (struct GNUNET_CRYPTO_EcdsaSignature)); | 601 | sizeof (struct GNUNET_CRYPTO_EcdsaSignature)); |
595 | 602 | ||
596 | dh_key_str = GNUNET_STRINGS_data_to_string_alloc (&identity_token_code->ecdh_pubkey, | 603 | dh_key_str = GNUNET_STRINGS_data_to_string_alloc (&ticket->ecdh_pubkey, |
597 | sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); | 604 | sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); |
598 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Using ECDH pubkey %s to encrypt\n", dh_key_str); | 605 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Using ECDH pubkey %s to encrypt\n", dh_key_str); |
599 | GNUNET_asprintf (&token_code_str, "{\"meta\": \"%s\", \"ecdh\": \"%s\", \"signature\": \"%s\"}", | 606 | GNUNET_asprintf (&ticket_str, "{\"meta\": \"%s\", \"ecdh\": \"%s\", \"signature\": \"%s\"}", |
600 | token_code_payload_str, dh_key_str, token_code_sig_str); | 607 | ticket_payload_str, dh_key_str, ticket_sig_str); |
601 | GNUNET_STRINGS_base64_encode (token_code_str, strlen (token_code_str), result); | 608 | GNUNET_STRINGS_base64_encode (ticket_str, strlen (ticket_str), result); |
602 | GNUNET_free (dh_key_str); | 609 | GNUNET_free (dh_key_str); |
603 | GNUNET_free (purpose); | 610 | GNUNET_free (purpose); |
604 | GNUNET_free (token_code_str); | 611 | GNUNET_free (ticket_str); |
605 | GNUNET_free (token_code_sig_str); | 612 | GNUNET_free (ticket_sig_str); |
606 | GNUNET_free (code_payload_str); | 613 | GNUNET_free (code_payload_str); |
607 | GNUNET_free (enc_token_code_payload); | 614 | GNUNET_free (enc_ticket_payload); |
608 | GNUNET_free (token_code_payload_str); | 615 | GNUNET_free (ticket_payload_str); |
609 | return GNUNET_OK; | 616 | return GNUNET_OK; |
610 | } | 617 | } |
611 | 618 | ||
612 | int | 619 | int |
613 | identity_token_code_payload_parse(const char *raw_data, | 620 | GNUNET_IDENTITY_PROVIDER_ticket_payload_parse(const char *raw_data, |
614 | ssize_t data_len, | 621 | ssize_t data_len, |
615 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, | 622 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, |
616 | const struct GNUNET_CRYPTO_EcdhePublicKey *ecdhe_pkey, | 623 | const struct GNUNET_CRYPTO_EcdhePublicKey *ecdhe_pkey, |
617 | struct IdentityTokenCodePayload **result) | 624 | struct GNUNET_IDENTITY_PROVIDER_TokenTicketPayload **result) |
618 | { | 625 | { |
619 | const char* label_str; | 626 | const char* label_str; |
620 | const char* nonce_str; | 627 | const char* nonce_str; |
@@ -690,9 +697,9 @@ identity_token_code_payload_parse(const char *raw_data, | |||
690 | nonce_str = json_string_value (nonce_json); | 697 | nonce_str = json_string_value (nonce_json); |
691 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Found nonce: %s\n", nonce_str); | 698 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Found nonce: %s\n", nonce_str); |
692 | 699 | ||
693 | *result = identity_token_code_payload_create (nonce_str, | 700 | *result = GNUNET_IDENTITY_PROVIDER_ticket_payload_create (nonce_str, |
694 | (const struct GNUNET_CRYPTO_EcdsaPublicKey*)&id_pkey, | 701 | (const struct GNUNET_CRYPTO_EcdsaPublicKey*)&id_pkey, |
695 | label_str); | 702 | label_str); |
696 | GNUNET_free (meta_str); | 703 | GNUNET_free (meta_str); |
697 | json_decref (root); | 704 | json_decref (root); |
698 | return GNUNET_OK; | 705 | return GNUNET_OK; |
@@ -700,9 +707,9 @@ identity_token_code_payload_parse(const char *raw_data, | |||
700 | } | 707 | } |
701 | 708 | ||
702 | int | 709 | int |
703 | identity_token_code_parse (const char *raw_data, | 710 | GNUNET_IDENTITY_PROVIDER_ticket_parse (const char *raw_data, |
704 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, | 711 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, |
705 | struct IdentityTokenCode **result) | 712 | struct GNUNET_IDENTITY_PROVIDER_TokenTicket **result) |
706 | { | 713 | { |
707 | const char* enc_meta_str; | 714 | const char* enc_meta_str; |
708 | const char* ecdh_enc_str; | 715 | const char* ecdh_enc_str; |
@@ -714,17 +721,17 @@ identity_token_code_parse (const char *raw_data, | |||
714 | json_t *enc_meta_json; | 721 | json_t *enc_meta_json; |
715 | json_error_t err_json; | 722 | json_error_t err_json; |
716 | char* enc_meta; | 723 | char* enc_meta; |
717 | char* token_code_decoded; | 724 | char* ticket_decoded; |
718 | char* write_ptr; | 725 | char* write_ptr; |
719 | size_t enc_meta_len; | 726 | size_t enc_meta_len; |
720 | struct GNUNET_CRYPTO_EccSignaturePurpose *purpose; | 727 | struct GNUNET_CRYPTO_EccSignaturePurpose *purpose; |
721 | struct IdentityTokenCode *token_code; | 728 | struct GNUNET_IDENTITY_PROVIDER_TokenTicket *ticket; |
722 | struct IdentityTokenCodePayload *token_code_payload; | 729 | struct GNUNET_IDENTITY_PROVIDER_TokenTicketPayload *ticket_payload; |
723 | 730 | ||
724 | token_code_decoded = NULL; | 731 | ticket_decoded = NULL; |
725 | GNUNET_STRINGS_base64_decode (raw_data, strlen (raw_data), &token_code_decoded); | 732 | GNUNET_STRINGS_base64_decode (raw_data, strlen (raw_data), &ticket_decoded); |
726 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Token Code: %s\n", token_code_decoded); | 733 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Token Code: %s\n", ticket_decoded); |
727 | root = json_loads (token_code_decoded, JSON_DECODE_ANY, &err_json); | 734 | root = json_loads (ticket_decoded, JSON_DECODE_ANY, &err_json); |
728 | if (!root) | 735 | if (!root) |
729 | { | 736 | { |
730 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 737 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
@@ -740,27 +747,27 @@ identity_token_code_parse (const char *raw_data, | |||
740 | ecdh_enc_str = json_string_value (ecdh_json); | 747 | ecdh_enc_str = json_string_value (ecdh_json); |
741 | enc_meta_str = json_string_value (enc_meta_json); | 748 | enc_meta_str = json_string_value (enc_meta_json); |
742 | 749 | ||
743 | token_code = GNUNET_malloc (sizeof (struct IdentityTokenCode)); | 750 | ticket = GNUNET_malloc (sizeof (struct GNUNET_IDENTITY_PROVIDER_TokenTicket)); |
744 | 751 | ||
745 | if (GNUNET_OK != GNUNET_STRINGS_string_to_data (ecdh_enc_str, | 752 | if (GNUNET_OK != GNUNET_STRINGS_string_to_data (ecdh_enc_str, |
746 | strlen (ecdh_enc_str), | 753 | strlen (ecdh_enc_str), |
747 | &token_code->ecdh_pubkey, | 754 | &ticket->ecdh_pubkey, |
748 | sizeof (struct GNUNET_CRYPTO_EcdhePublicKey))) | 755 | sizeof (struct GNUNET_CRYPTO_EcdhePublicKey))) |
749 | { | 756 | { |
750 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "ECDH PKEY %s invalid in metadata\n", ecdh_enc_str); | 757 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "ECDH PKEY %s invalid in metadata\n", ecdh_enc_str); |
751 | json_decref (root); | 758 | json_decref (root); |
752 | GNUNET_free (token_code); | 759 | GNUNET_free (ticket); |
753 | return GNUNET_SYSERR; | 760 | return GNUNET_SYSERR; |
754 | } | 761 | } |
755 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Using ECDH pubkey %s for metadata decryption\n", ecdh_enc_str); | 762 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Using ECDH pubkey %s for metadata decryption\n", ecdh_enc_str); |
756 | if (GNUNET_OK != GNUNET_STRINGS_string_to_data (signature_enc_str, | 763 | if (GNUNET_OK != GNUNET_STRINGS_string_to_data (signature_enc_str, |
757 | strlen (signature_enc_str), | 764 | strlen (signature_enc_str), |
758 | &token_code->signature, | 765 | &ticket->signature, |
759 | sizeof (struct GNUNET_CRYPTO_EcdsaSignature))) | 766 | sizeof (struct GNUNET_CRYPTO_EcdsaSignature))) |
760 | { | 767 | { |
761 | json_decref (root); | 768 | json_decref (root); |
762 | GNUNET_free (token_code_decoded); | 769 | GNUNET_free (ticket_decoded); |
763 | GNUNET_free (token_code); | 770 | GNUNET_free (ticket); |
764 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "ECDH signature invalid in metadata\n"); | 771 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "ECDH signature invalid in metadata\n"); |
765 | return GNUNET_SYSERR; | 772 | return GNUNET_SYSERR; |
766 | } | 773 | } |
@@ -770,13 +777,13 @@ identity_token_code_parse (const char *raw_data, | |||
770 | &enc_meta); | 777 | &enc_meta); |
771 | 778 | ||
772 | 779 | ||
773 | identity_token_code_payload_parse (enc_meta, | 780 | GNUNET_IDENTITY_PROVIDER_ticket_payload_parse (enc_meta, |
774 | enc_meta_len, | 781 | enc_meta_len, |
775 | priv_key, | 782 | priv_key, |
776 | (const struct GNUNET_CRYPTO_EcdhePublicKey*)&token_code->ecdh_pubkey, | 783 | (const struct GNUNET_CRYPTO_EcdhePublicKey*)&ticket->ecdh_pubkey, |
777 | &token_code_payload); | 784 | &ticket_payload); |
778 | 785 | ||
779 | token_code->payload = token_code_payload; | 786 | ticket->payload = ticket_payload; |
780 | //TODO: check signature here | 787 | //TODO: check signature here |
781 | purpose = | 788 | purpose = |
782 | GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + | 789 | GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + |
@@ -786,30 +793,30 @@ identity_token_code_parse (const char *raw_data, | |||
786 | htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + | 793 | htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + |
787 | sizeof (struct GNUNET_CRYPTO_EcdhePublicKey) + | 794 | sizeof (struct GNUNET_CRYPTO_EcdhePublicKey) + |
788 | enc_meta_len); | 795 | enc_meta_len); |
789 | purpose->purpose = htonl(GNUNET_SIGNATURE_PURPOSE_GNUID_TOKEN_CODE); | 796 | purpose->purpose = htonl(GNUNET_SIGNATURE_PURPOSE_GNUID_TICKET); |
790 | write_ptr = (char*) &purpose[1]; | 797 | write_ptr = (char*) &purpose[1]; |
791 | memcpy (write_ptr, &token_code->ecdh_pubkey, sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); | 798 | memcpy (write_ptr, &ticket->ecdh_pubkey, sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); |
792 | write_ptr += sizeof (struct GNUNET_CRYPTO_EcdhePublicKey); | 799 | write_ptr += sizeof (struct GNUNET_CRYPTO_EcdhePublicKey); |
793 | memcpy (write_ptr, enc_meta, enc_meta_len); | 800 | memcpy (write_ptr, enc_meta, enc_meta_len); |
794 | 801 | ||
795 | if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_GNUID_TOKEN_CODE, | 802 | if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_GNUID_TICKET, |
796 | purpose, | 803 | purpose, |
797 | &token_code->signature, | 804 | &ticket->signature, |
798 | &token_code_payload->identity_key)) | 805 | &ticket_payload->identity_key)) |
799 | { | 806 | { |
800 | identity_token_code_destroy (token_code); | 807 | GNUNET_IDENTITY_PROVIDER_ticket_destroy (ticket); |
801 | GNUNET_free (token_code_decoded); | 808 | GNUNET_free (ticket_decoded); |
802 | json_decref (root); | 809 | json_decref (root); |
803 | GNUNET_free (purpose); | 810 | GNUNET_free (purpose); |
804 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 811 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
805 | "Error verifying signature for token code\n"); | 812 | "Error verifying signature for token code\n"); |
806 | return GNUNET_SYSERR; | 813 | return GNUNET_SYSERR; |
807 | } | 814 | } |
808 | *result = token_code; | 815 | *result = ticket; |
809 | GNUNET_free (purpose); | 816 | GNUNET_free (purpose); |
810 | 817 | ||
811 | GNUNET_free (enc_meta); | 818 | GNUNET_free (enc_meta); |
812 | GNUNET_free (token_code_decoded); | 819 | GNUNET_free (ticket_decoded); |
813 | json_decref (root); | 820 | json_decref (root); |
814 | return GNUNET_OK; | 821 | return GNUNET_OK; |
815 | 822 | ||
diff --git a/src/identity-token/identity-token.h b/src/identity-token/identity-token.h index 1520dcf6a..6e41a009d 100644 --- a/src/identity-token/identity-token.h +++ b/src/identity-token/identity-token.h | |||
@@ -1,13 +1,35 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet. | ||
3 | Copyright (C) 2012-2015 Christian Grothoff (and other contributing authors) | ||
1 | 4 | ||
2 | #ifndef GNUNET_IDENTITY_TOKEN_H | 5 | GNUnet is free software; you can redistribute it and/or modify |
3 | #define GNUNET_IDENTITY_TOKEN_H | 6 | it under the terms of the GNU General Public License as published |
7 | by the Free Software Foundation; either version 3, or (at your | ||
8 | option) any later version. | ||
4 | 9 | ||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | General Public License for more details. | ||
5 | 14 | ||
15 | You should have received a copy of the GNU General Public License | ||
16 | along with GNUnet; see the file COPYING. If not, write to the | ||
17 | Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, | ||
18 | Boston, MA 02110-1301, USA. | ||
19 | */ | ||
20 | /** | ||
21 | * @author Martin Schanzenbach | ||
22 | * @file include/gnunet_identity_provider_lib.h | ||
23 | * @brief GNUnet Identity Provider library | ||
24 | * | ||
25 | */ | ||
26 | #ifndef GNUNET_IDENTITY_PROVIDER_LIB_H | ||
27 | #define GNUNET_IDENTITY_PROVIDER_LIB_H | ||
6 | 28 | ||
7 | #include "gnunet_crypto_lib.h" | 29 | #include "gnunet_crypto_lib.h" |
8 | #include <jansson.h> | 30 | #include <jansson.h> |
9 | 31 | ||
10 | struct IdentityToken | 32 | struct GNUNET_IDENTITY_PROVIDER_Token |
11 | { | 33 | { |
12 | /** | 34 | /** |
13 | * JSON header | 35 | * JSON header |
@@ -30,7 +52,7 @@ struct IdentityToken | |||
30 | struct GNUNET_CRYPTO_EcdsaPublicKey aud_key; | 52 | struct GNUNET_CRYPTO_EcdsaPublicKey aud_key; |
31 | }; | 53 | }; |
32 | 54 | ||
33 | struct IdentityTokenCodePayload | 55 | struct GNUNET_IDENTITY_PROVIDER_TokenTicketPayload |
34 | { | 56 | { |
35 | /** | 57 | /** |
36 | * Nonce | 58 | * Nonce |
@@ -49,12 +71,12 @@ struct IdentityTokenCodePayload | |||
49 | }; | 71 | }; |
50 | 72 | ||
51 | 73 | ||
52 | struct IdentityTokenCode | 74 | struct GNUNET_IDENTITY_PROVIDER_TokenTicket |
53 | { | 75 | { |
54 | /** | 76 | /** |
55 | * Meta info | 77 | * Meta info |
56 | */ | 78 | */ |
57 | struct IdentityTokenCodePayload *payload; | 79 | struct GNUNET_IDENTITY_PROVIDER_TokenTicketPayload *payload; |
58 | 80 | ||
59 | /** | 81 | /** |
60 | * ECDH Pubkey | 82 | * ECDH Pubkey |
@@ -74,62 +96,174 @@ struct IdentityTokenCode | |||
74 | 96 | ||
75 | 97 | ||
76 | 98 | ||
77 | struct IdentityToken* | 99 | /** |
78 | identity_token_create (const char* issuer, | 100 | * Create an identity token |
79 | const char* audience); | 101 | * |
102 | * @param iss the issuer string for the token | ||
103 | * @param aud the audience of the token | ||
104 | * | ||
105 | * @return a new token | ||
106 | */ | ||
107 | struct GNUNET_IDENTITY_PROVIDER_Token* | ||
108 | GNUNET_IDENTITY_PROVIDER_token_create (const struct GNUNET_CRYPTO_EcdsaPublicKey *iss, | ||
109 | const struct GNUNET_CRYPTO_EcdsaPublicKey* aud); | ||
80 | 110 | ||
111 | /** | ||
112 | * Destroy an identity token | ||
113 | * | ||
114 | * @param token the token to destroy | ||
115 | */ | ||
81 | void | 116 | void |
82 | identity_token_destroy (struct IdentityToken *token); | 117 | GNUNET_IDENTITY_PROVIDER_token_destroy (struct GNUNET_IDENTITY_PROVIDER_Token *token); |
83 | 118 | ||
119 | /** | ||
120 | * Add a new key value pair to the token | ||
121 | * | ||
122 | * @param token the token to modify | ||
123 | * @param key the key | ||
124 | * @param value the value | ||
125 | */ | ||
84 | void | 126 | void |
85 | identity_token_add_attr (const struct IdentityToken *token, | 127 | GNUNET_IDENTITY_PROVIDER_token_add_attr (const struct GNUNET_IDENTITY_PROVIDER_Token *token, |
86 | const char* key, | 128 | const char* key, |
87 | const char* value); | 129 | const char* value); |
130 | |||
131 | /** | ||
132 | * Add a new key value pair to the token with the value as json | ||
133 | * | ||
134 | * @param the token to modify | ||
135 | * @param key the key | ||
136 | * @param value the value | ||
137 | * | ||
138 | */ | ||
88 | void | 139 | void |
89 | identity_token_add_json (const struct IdentityToken *token, | 140 | GNUNET_IDENTITY_PROVIDER_token_add_json (const struct GNUNET_IDENTITY_PROVIDER_Token *token, |
90 | const char* key, | 141 | const char* key, |
91 | json_t* value); | 142 | json_t* value); |
92 | 143 | ||
144 | /** | ||
145 | * Serialize a token. The token will be signed and base64 according to the | ||
146 | * JWT format. The signature is base32-encoded ECDSA. | ||
147 | * The resulting JWT is encrypted using | ||
148 | * ECDHE for the audience and Base64 | ||
149 | * encoded in result. The audience requires the ECDHE public key P | ||
150 | * to decrypt the token T. The key P is included in the result and prepended | ||
151 | * before the token | ||
152 | * | ||
153 | * @param token the token to serialize | ||
154 | * @param priv_key the private key used to sign the token | ||
155 | * @param ecdhe_privkey the ECDHE private key used to encrypt the token | ||
156 | * @param result P,Base64(E(T)) | ||
157 | * | ||
158 | * @return GNUNET_OK on success | ||
159 | */ | ||
93 | int | 160 | int |
94 | identity_token_serialize (const struct IdentityToken *token, | 161 | GNUNET_IDENTITY_PROVIDER_token_serialize (const struct GNUNET_IDENTITY_PROVIDER_Token *token, |
95 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, | 162 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, |
96 | struct GNUNET_CRYPTO_EcdhePrivateKey **ecdhe_privkey, | 163 | struct GNUNET_CRYPTO_EcdhePrivateKey **ecdhe_privkey, |
97 | char **result); | 164 | char **result); |
98 | 165 | ||
166 | /** | ||
167 | * Parses the serialized token and returns a token | ||
168 | * | ||
169 | * @param data the serialized token | ||
170 | * @param priv_key the private key of the audience | ||
171 | * @param result the token | ||
172 | * | ||
173 | * @return GNUNET_OK on success | ||
174 | */ | ||
99 | int | 175 | int |
100 | identity_token_parse (const char* raw_data, | 176 | GNUNET_IDENTITY_PROVIDER_token_parse (const char* data, |
101 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, | 177 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, |
102 | struct IdentityToken **result); | 178 | struct GNUNET_IDENTITY_PROVIDER_Token **result); |
103 | 179 | ||
180 | /** | ||
181 | * Parses the serialized token and returns a token | ||
182 | * This variant is intended for the party that issued the token and also | ||
183 | * wants to decrypt the serialized token. | ||
184 | * | ||
185 | * @param data the serialized token | ||
186 | * @param priv_key the private (!) ECDHE key | ||
187 | * @param aud_key the identity of the audience | ||
188 | * @param result the token | ||
189 | * | ||
190 | * @return GNUNET_OK on success | ||
191 | */ | ||
104 | int | 192 | int |
105 | identity_token_parse2 (const char* raw_data, | 193 | GNUNET_IDENTITY_PROVIDER_token_parse2 (const char* data, |
106 | const struct GNUNET_CRYPTO_EcdhePrivateKey *priv_key, | 194 | const struct GNUNET_CRYPTO_EcdhePrivateKey *priv_key, |
107 | const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, | 195 | const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, |
108 | struct IdentityToken **result); | 196 | struct GNUNET_IDENTITY_PROVIDER_Token **result); |
109 | 197 | ||
198 | |||
199 | /** | ||
200 | * | ||
201 | * Returns a JWT-string representation of the token | ||
202 | * | ||
203 | * @param token the token | ||
204 | * @param priv_key the private key used to sign the JWT | ||
205 | * @param result the JWT | ||
206 | * | ||
207 | * @return GNUNET_OK on success | ||
208 | */ | ||
110 | int | 209 | int |
111 | identity_token_to_string (const struct IdentityToken *token, | 210 | GNUNET_IDENTITY_PROVIDER_token_to_string (const struct GNUNET_IDENTITY_PROVIDER_Token *token, |
112 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, | 211 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, |
113 | char **result); | 212 | char **result); |
114 | 213 | ||
115 | struct IdentityTokenCode* | 214 | /** |
116 | identity_token_code_create (const char* nonce_str, | 215 | * |
117 | const struct GNUNET_CRYPTO_EcdsaPublicKey* identity_pkey, | 216 | * Creates a ticket that can be exchanged by the audience for |
217 | * the token. The token must be placed under the label | ||
218 | * | ||
219 | * @param nonce_str nonce provided by the audience that requested the ticket | ||
220 | * @param iss_pkey the issuer pubkey used to sign the ticket | ||
221 | * @param label the label encoded in the ticket | ||
222 | * @param aud_ley the audience pubkey used to encrypt the ticket payload | ||
223 | * | ||
224 | * @return the ticket | ||
225 | */ | ||
226 | struct GNUNET_IDENTITY_PROVIDER_TokenTicket* | ||
227 | GNUNET_IDENTITY_PROVIDER_ticket_create (const char* nonce_str, | ||
228 | const struct GNUNET_CRYPTO_EcdsaPublicKey* iss_pkey, | ||
118 | const char* lbl_str, | 229 | const char* lbl_str, |
119 | const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key); | 230 | const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key); |
120 | 231 | ||
232 | /** | ||
233 | * Serialize a ticket. Returns the Base64 representation of the ticket. | ||
234 | * Format: Base64( { payload: E(Payload), ecdhe: K, signature: signature } ) | ||
235 | * | ||
236 | * @param ticket the ticket to serialize | ||
237 | * @param priv_key the issuer private key to sign the ticket payload | ||
238 | * @param result the serialized ticket | ||
239 | * | ||
240 | * @return GNUNET_OK on success | ||
241 | */ | ||
121 | int | 242 | int |
122 | identity_token_code_serialize (struct IdentityTokenCode *identity_token_code, | 243 | GNUNET_IDENTITY_PROVIDER_ticket_serialize (struct GNUNET_IDENTITY_PROVIDER_TokenTicket *ticket, |
123 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, | 244 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, |
124 | char **result); | 245 | char **result); |
125 | 246 | ||
247 | /** | ||
248 | * Destroys a ticket | ||
249 | * | ||
250 | * @param the ticket to destroy | ||
251 | */ | ||
126 | void | 252 | void |
127 | identity_token_code_destroy (struct IdentityTokenCode *token_code); | 253 | GNUNET_IDENTITY_PROVIDER_ticket_destroy (struct GNUNET_IDENTITY_PROVIDER_TokenTicket *ticket); |
128 | |||
129 | 254 | ||
255 | /** | ||
256 | * Parses a serialized ticket | ||
257 | * | ||
258 | * @param data the serialized ticket | ||
259 | * @param priv_key the audience private key | ||
260 | * @param ticket the ticket | ||
261 | * | ||
262 | * @return GNUNET_OK on success | ||
263 | */ | ||
130 | int | 264 | int |
131 | identity_token_code_parse (const char* raw_data, | 265 | GNUNET_IDENTITY_PROVIDER_ticket_parse (const char* raw_data, |
132 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, | 266 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, |
133 | struct IdentityTokenCode **result); | 267 | struct GNUNET_IDENTITY_PROVIDER_TokenTicket **ticket); |
134 | 268 | ||
135 | #endif | 269 | #endif |
diff --git a/src/identity-token/plugin_rest_identity_token.c b/src/identity-token/plugin_rest_identity_token.c index 580d34ed0..d2c1b6c5d 100644 --- a/src/identity-token/plugin_rest_identity_token.c +++ b/src/identity-token/plugin_rest_identity_token.c | |||
@@ -34,7 +34,7 @@ | |||
34 | #include "microhttpd.h" | 34 | #include "microhttpd.h" |
35 | #include <jansson.h> | 35 | #include <jansson.h> |
36 | #include "gnunet_signatures.h" | 36 | #include "gnunet_signatures.h" |
37 | #include "identity-token.h" | 37 | #include "gnunet_identity_provider_lib.h" |
38 | 38 | ||
39 | /** | 39 | /** |
40 | * REST root namespace | 40 | * REST root namespace |
@@ -61,7 +61,7 @@ | |||
61 | */ | 61 | */ |
62 | #define GNUNET_REST_API_NS_IDENTITY_OAUTH2_AUTHORIZE "/gnuid/authorize" | 62 | #define GNUNET_REST_API_NS_IDENTITY_OAUTH2_AUTHORIZE "/gnuid/authorize" |
63 | 63 | ||
64 | #define GNUNET_REST_JSONAPI_IDENTITY_TOKEN_CODE "code" | 64 | #define GNUNET_REST_JSONAPI_IDENTITY_token_ticket "code" |
65 | 65 | ||
66 | #define GNUNET_REST_JSONAPI_IDENTITY_OAUTH2_GRANT_TYPE_CODE "authorization_code" | 66 | #define GNUNET_REST_JSONAPI_IDENTITY_OAUTH2_GRANT_TYPE_CODE "authorization_code" |
67 | 67 | ||
@@ -290,12 +290,12 @@ struct RequestHandle | |||
290 | /** | 290 | /** |
291 | * Identity Token | 291 | * Identity Token |
292 | */ | 292 | */ |
293 | struct IdentityToken *token; | 293 | struct GNUNET_IDENTITY_PROVIDER_Token *token; |
294 | 294 | ||
295 | /** | 295 | /** |
296 | * Identity Token Code | 296 | * Identity Token Code |
297 | */ | 297 | */ |
298 | struct IdentityTokenCode *token_code; | 298 | struct GNUNET_IDENTITY_PROVIDER_TokenTicket *token_ticket; |
299 | 299 | ||
300 | /** | 300 | /** |
301 | * Response object | 301 | * Response object |
@@ -341,9 +341,9 @@ cleanup_handle (struct RequestHandle *handle) | |||
341 | if (NULL != handle->attr_map) | 341 | if (NULL != handle->attr_map) |
342 | GNUNET_CONTAINER_multihashmap_destroy (handle->attr_map); | 342 | GNUNET_CONTAINER_multihashmap_destroy (handle->attr_map); |
343 | if (NULL != handle->token) | 343 | if (NULL != handle->token) |
344 | identity_token_destroy (handle->token); | 344 | GNUNET_IDENTITY_PROVIDER_token_destroy (handle->token); |
345 | if (NULL != handle->token_code) | 345 | if (NULL != handle->token_ticket) |
346 | identity_token_code_destroy (handle->token_code); | 346 | GNUNET_IDENTITY_PROVIDER_ticket_destroy (handle->token_ticket); |
347 | if (NULL != handle->url) | 347 | if (NULL != handle->url) |
348 | GNUNET_free (handle->url); | 348 | GNUNET_free (handle->url); |
349 | if (NULL != handle->emsg) | 349 | if (NULL != handle->emsg) |
@@ -455,10 +455,10 @@ sign_and_return_token (void *cls, | |||
455 | struct GNUNET_TIME_Relative etime_rel; | 455 | struct GNUNET_TIME_Relative etime_rel; |
456 | json_t *token_str; | 456 | json_t *token_str; |
457 | json_t *name_str; | 457 | json_t *name_str; |
458 | json_t *token_code_json; | 458 | json_t *token_ticket_json; |
459 | char *lbl_str; | 459 | char *lbl_str; |
460 | char *exp_str; | 460 | char *exp_str; |
461 | char *token_code_str; | 461 | char *token_ticket_str; |
462 | char *audience; | 462 | char *audience; |
463 | char *nonce_str; | 463 | char *nonce_str; |
464 | char *enc_token_str; | 464 | char *enc_token_str; |
@@ -520,14 +520,14 @@ sign_and_return_token (void *cls, | |||
520 | GNUNET_CRYPTO_ecdsa_key_get_public (priv_key, | 520 | GNUNET_CRYPTO_ecdsa_key_get_public (priv_key, |
521 | &pub_key); | 521 | &pub_key); |
522 | 522 | ||
523 | handle->token_code = identity_token_code_create (nonce_str, | 523 | handle->token_ticket = GNUNET_IDENTITY_PROVIDER_ticket_create (nonce_str, |
524 | &pub_key, | 524 | &pub_key, |
525 | lbl_str, | 525 | lbl_str, |
526 | &aud_pkey); | 526 | &aud_pkey); |
527 | 527 | ||
528 | if (GNUNET_OK != identity_token_code_serialize (handle->token_code, | 528 | if (GNUNET_OK != GNUNET_IDENTITY_PROVIDER_ticket_serialize (handle->token_ticket, |
529 | priv_key, | 529 | priv_key, |
530 | &token_code_str)) | 530 | &token_ticket_str)) |
531 | { | 531 | { |
532 | handle->emsg = GNUNET_strdup ("Unable to create ref token!\n"); | 532 | handle->emsg = GNUNET_strdup ("Unable to create ref token!\n"); |
533 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 533 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
@@ -563,11 +563,11 @@ sign_and_return_token (void *cls, | |||
563 | exp_time = time + etime_rel.rel_value_us; | 563 | exp_time = time + etime_rel.rel_value_us; |
564 | 564 | ||
565 | //json_object_set_new (handle->payload, "lbl", json_string (lbl_str)); | 565 | //json_object_set_new (handle->payload, "lbl", json_string (lbl_str)); |
566 | identity_token_add_attr (handle->token, "sub", handle->ego_entry->identifier); | 566 | GNUNET_IDENTITY_PROVIDER_token_add_attr (handle->token, "sub", handle->ego_entry->identifier); |
567 | identity_token_add_json (handle->token, "nbf", json_integer (time)); | 567 | GNUNET_IDENTITY_PROVIDER_token_add_json (handle->token, "nbf", json_integer (time)); |
568 | identity_token_add_json (handle->token, "iat", json_integer (time)); | 568 | GNUNET_IDENTITY_PROVIDER_token_add_json (handle->token, "iat", json_integer (time)); |
569 | identity_token_add_json (handle->token, "exp", json_integer (exp_time)); | 569 | GNUNET_IDENTITY_PROVIDER_token_add_json (handle->token, "exp", json_integer (exp_time)); |
570 | identity_token_add_attr (handle->token, "nonce", nonce_str); | 570 | GNUNET_IDENTITY_PROVIDER_token_add_attr (handle->token, "nonce", nonce_str); |
571 | 571 | ||
572 | 572 | ||
573 | handle->resp_object = GNUNET_REST_jsonapi_object_new (); | 573 | handle->resp_object = GNUNET_REST_jsonapi_object_new (); |
@@ -583,18 +583,18 @@ sign_and_return_token (void *cls, | |||
583 | GNUNET_REST_jsonapi_resource_add_attr (json_resource, | 583 | GNUNET_REST_jsonapi_resource_add_attr (json_resource, |
584 | GNUNET_REST_JSONAPI_IDENTITY_TOKEN, | 584 | GNUNET_REST_JSONAPI_IDENTITY_TOKEN, |
585 | token_str); | 585 | token_str); |
586 | token_code_json = json_string (token_code_str); | 586 | token_ticket_json = json_string (token_ticket_str); |
587 | GNUNET_REST_jsonapi_resource_add_attr (json_resource, | 587 | GNUNET_REST_jsonapi_resource_add_attr (json_resource, |
588 | GNUNET_REST_JSONAPI_IDENTITY_TOKEN_CODE, | 588 | GNUNET_REST_JSONAPI_IDENTITY_token_ticket, |
589 | token_code_json); | 589 | token_ticket_json); |
590 | GNUNET_free (token_code_str); | 590 | GNUNET_free (token_ticket_str); |
591 | json_decref (token_code_json); | 591 | json_decref (token_ticket_json); |
592 | GNUNET_REST_jsonapi_object_resource_add (handle->resp_object, json_resource); | 592 | GNUNET_REST_jsonapi_object_resource_add (handle->resp_object, json_resource); |
593 | //Token in a serialized encrypted format | 593 | //Token in a serialized encrypted format |
594 | GNUNET_assert (identity_token_serialize (handle->token, | 594 | GNUNET_assert (GNUNET_IDENTITY_PROVIDER_token_serialize (handle->token, |
595 | priv_key, | 595 | priv_key, |
596 | &ecdhe_privkey, | 596 | &ecdhe_privkey, |
597 | &enc_token_str)); | 597 | &enc_token_str)); |
598 | 598 | ||
599 | //Token record E,E_K (Token) | 599 | //Token record E,E_K (Token) |
600 | token_record[0].data = enc_token_str; | 600 | token_record[0].data = enc_token_str; |
@@ -703,7 +703,7 @@ attr_collect (void *cls, | |||
703 | rd->data, | 703 | rd->data, |
704 | rd->data_size); | 704 | rd->data_size); |
705 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding value: %s\n", data); | 705 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding value: %s\n", data); |
706 | identity_token_add_attr (handle->token, label, data); | 706 | GNUNET_IDENTITY_PROVIDER_token_add_attr (handle->token, label, data); |
707 | GNUNET_free (data); | 707 | GNUNET_free (data); |
708 | } | 708 | } |
709 | GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it); | 709 | GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it); |
@@ -727,7 +727,7 @@ attr_collect (void *cls, | |||
727 | 727 | ||
728 | if (0 < json_array_size (attr_arr)) | 728 | if (0 < json_array_size (attr_arr)) |
729 | { | 729 | { |
730 | identity_token_add_json (handle->token, label, attr_arr); | 730 | GNUNET_IDENTITY_PROVIDER_token_add_json (handle->token, label, attr_arr); |
731 | } | 731 | } |
732 | json_decref (attr_arr); | 732 | json_decref (attr_arr); |
733 | GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it); | 733 | GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it); |
@@ -754,6 +754,8 @@ issue_token_cont (struct RestConnectionDataHandle *con, | |||
754 | struct GNUNET_HashCode key; | 754 | struct GNUNET_HashCode key; |
755 | struct MHD_Response *resp; | 755 | struct MHD_Response *resp; |
756 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key; | 756 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key; |
757 | struct GNUNET_CRYPTO_EcdsaPublicKey pub_key; | ||
758 | struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key; | ||
757 | 759 | ||
758 | if (GNUNET_NO == GNUNET_REST_namespace_match (handle->url, | 760 | if (GNUNET_NO == GNUNET_REST_namespace_match (handle->url, |
759 | GNUNET_REST_API_NS_IDENTITY_TOKEN_ISSUE)) | 761 | GNUNET_REST_API_NS_IDENTITY_TOKEN_ISSUE)) |
@@ -820,13 +822,20 @@ issue_token_cont (struct RestConnectionDataHandle *con, | |||
820 | &key); | 822 | &key); |
821 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Audience to issue token for: %s\n", audience); | 823 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Audience to issue token for: %s\n", audience); |
822 | 824 | ||
823 | handle->token = identity_token_create (ego_entry->keystring, | 825 | priv_key = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego); |
824 | audience); | 826 | GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, |
827 | &pub_key); | ||
828 | GNUNET_STRINGS_string_to_data (audience, | ||
829 | strlen (audience), | ||
830 | &aud_key, | ||
831 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); | ||
832 | handle->token = GNUNET_IDENTITY_PROVIDER_token_create (&pub_key, | ||
833 | aud_key); | ||
834 | GNUNET_free (aud_key); | ||
825 | 835 | ||
826 | 836 | ||
827 | //Get identity attributes | 837 | //Get identity attributes |
828 | handle->ns_handle = GNUNET_NAMESTORE_connect (cfg); | 838 | handle->ns_handle = GNUNET_NAMESTORE_connect (cfg); |
829 | priv_key = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego); | ||
830 | handle->ego_entry = ego_entry; | 839 | handle->ego_entry = ego_entry; |
831 | handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (handle->ns_handle, | 840 | handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (handle->ns_handle, |
832 | priv_key, | 841 | priv_key, |
@@ -1033,14 +1042,14 @@ process_lookup_result (void *cls, uint32_t rd_count, | |||
1033 | rd->data_size); | 1042 | rd->data_size); |
1034 | 1043 | ||
1035 | //Decrypt and parse | 1044 | //Decrypt and parse |
1036 | GNUNET_assert (GNUNET_OK == identity_token_parse (record_str, | 1045 | GNUNET_assert (GNUNET_OK == GNUNET_IDENTITY_PROVIDER_token_parse (record_str, |
1037 | handle->priv_key, | 1046 | handle->priv_key, |
1038 | &handle->token)); | 1047 | &handle->token)); |
1039 | 1048 | ||
1040 | //Readable | 1049 | //Readable |
1041 | GNUNET_assert (GNUNET_OK == identity_token_to_string (handle->token, | 1050 | GNUNET_assert (GNUNET_OK == GNUNET_IDENTITY_PROVIDER_token_to_string (handle->token, |
1042 | handle->priv_key, | 1051 | handle->priv_key, |
1043 | &token_str)); | 1052 | &token_str)); |
1044 | 1053 | ||
1045 | json_object_set_new (root, "access_token", json_string (token_str)); | 1054 | json_object_set_new (root, "access_token", json_string (token_str)); |
1046 | json_object_set_new (root, "token_type", json_string ("gnuid")); | 1055 | json_object_set_new (root, "token_type", json_string ("gnuid")); |
@@ -1058,7 +1067,7 @@ process_lookup_result (void *cls, uint32_t rd_count, | |||
1058 | 1067 | ||
1059 | 1068 | ||
1060 | static void | 1069 | static void |
1061 | exchange_token_code_cb (void *cls, | 1070 | exchange_token_ticket_cb (void *cls, |
1062 | struct GNUNET_IDENTITY_Ego *ego, | 1071 | struct GNUNET_IDENTITY_Ego *ego, |
1063 | void **ctx, | 1072 | void **ctx, |
1064 | const char *name) | 1073 | const char *name) |
@@ -1077,8 +1086,8 @@ exchange_token_code_cb (void *cls, | |||
1077 | return; | 1086 | return; |
1078 | } | 1087 | } |
1079 | 1088 | ||
1080 | GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_IDENTITY_TOKEN_CODE, | 1089 | GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_IDENTITY_token_ticket, |
1081 | strlen (GNUNET_REST_JSONAPI_IDENTITY_TOKEN_CODE), | 1090 | strlen (GNUNET_REST_JSONAPI_IDENTITY_token_ticket), |
1082 | &key); | 1091 | &key); |
1083 | 1092 | ||
1084 | if ( GNUNET_NO == | 1093 | if ( GNUNET_NO == |
@@ -1094,21 +1103,21 @@ exchange_token_code_cb (void *cls, | |||
1094 | 1103 | ||
1095 | handle->priv_key = GNUNET_IDENTITY_ego_get_private_key (ego); | 1104 | handle->priv_key = GNUNET_IDENTITY_ego_get_private_key (ego); |
1096 | 1105 | ||
1097 | if (GNUNET_SYSERR == identity_token_code_parse (code, | 1106 | if (GNUNET_SYSERR == GNUNET_IDENTITY_PROVIDER_ticket_parse (code, |
1098 | handle->priv_key, | 1107 | handle->priv_key, |
1099 | &handle->token_code)) | 1108 | &handle->token_ticket)) |
1100 | { | 1109 | { |
1101 | handle->emsg = GNUNET_strdup ("Error extracting values from token code."); | 1110 | handle->emsg = GNUNET_strdup ("Error extracting values from token code."); |
1102 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1111 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1103 | return; | 1112 | return; |
1104 | } | 1113 | } |
1105 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Looking for token under %s\n", | 1114 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Looking for token under %s\n", |
1106 | handle->token_code->payload->label); | 1115 | handle->token_ticket->payload->label); |
1107 | handle->gns_handle = GNUNET_GNS_connect (cfg); | 1116 | handle->gns_handle = GNUNET_GNS_connect (cfg); |
1108 | GNUNET_asprintf (&lookup_query, "%s.gnu", handle->token_code->payload->label); | 1117 | GNUNET_asprintf (&lookup_query, "%s.gnu", handle->token_ticket->payload->label); |
1109 | handle->lookup_request = GNUNET_GNS_lookup (handle->gns_handle, | 1118 | handle->lookup_request = GNUNET_GNS_lookup (handle->gns_handle, |
1110 | lookup_query, | 1119 | lookup_query, |
1111 | &handle->token_code->payload->identity_key, | 1120 | &handle->token_ticket->payload->identity_key, |
1112 | GNUNET_GNSRECORD_TYPE_ID_TOKEN, | 1121 | GNUNET_GNSRECORD_TYPE_ID_TOKEN, |
1113 | GNUNET_GNS_LO_LOCAL_MASTER, | 1122 | GNUNET_GNS_LO_LOCAL_MASTER, |
1114 | NULL, | 1123 | NULL, |
@@ -1125,7 +1134,7 @@ exchange_token_code_cb (void *cls, | |||
1125 | * @param cls the RequestHandle | 1134 | * @param cls the RequestHandle |
1126 | */ | 1135 | */ |
1127 | static void | 1136 | static void |
1128 | exchange_token_code_cont (struct RestConnectionDataHandle *con_handle, | 1137 | exchange_token_ticket_cont (struct RestConnectionDataHandle *con_handle, |
1129 | const char* url, | 1138 | const char* url, |
1130 | void *cls) | 1139 | void *cls) |
1131 | { | 1140 | { |
@@ -1149,7 +1158,7 @@ exchange_token_code_cont (struct RestConnectionDataHandle *con_handle, | |||
1149 | //Get token from GNS | 1158 | //Get token from GNS |
1150 | handle->op = GNUNET_IDENTITY_get (handle->identity_handle, | 1159 | handle->op = GNUNET_IDENTITY_get (handle->identity_handle, |
1151 | "gns-master", | 1160 | "gns-master", |
1152 | &exchange_token_code_cb, | 1161 | &exchange_token_ticket_cb, |
1153 | handle); | 1162 | handle); |
1154 | } | 1163 | } |
1155 | 1164 | ||
@@ -1194,7 +1203,7 @@ init_cont (struct RequestHandle *handle) | |||
1194 | //{MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_TOKEN_CHECK, &check_token_cont}, | 1203 | //{MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_TOKEN_CHECK, &check_token_cont}, |
1195 | {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_TOKEN, &list_token_cont}, | 1204 | {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_TOKEN, &list_token_cont}, |
1196 | {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_IDENTITY_TOKEN, &options_cont}, | 1205 | {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_IDENTITY_TOKEN, &options_cont}, |
1197 | {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_OAUTH2_TOKEN, &exchange_token_code_cont}, | 1206 | {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_OAUTH2_TOKEN, &exchange_token_ticket_cont}, |
1198 | GNUNET_REST_HANDLER_END | 1207 | GNUNET_REST_HANDLER_END |
1199 | }; | 1208 | }; |
1200 | 1209 | ||