summaryrefslogtreecommitdiff
path: root/src/credential
diff options
context:
space:
mode:
authorSchanzenbach, Martin <mschanzenbach@posteo.de>2016-12-18 16:52:59 +0100
committerSchanzenbach, Martin <mschanzenbach@posteo.de>2016-12-18 16:52:59 +0100
commit33e847bf4edc06be68589467d0f6a31c07d911ac (patch)
treed635352dbea2aa448395d52703351ec8c7242fe4 /src/credential
parent9c5ecc381458c941fdb70f1f4a47e76daac4eda5 (diff)
-fixes
Diffstat (limited to 'src/credential')
-rw-r--r--src/credential/Makefile.am5
-rw-r--r--src/credential/credential.h76
-rw-r--r--src/credential/credential_api.c48
-rw-r--r--src/credential/credential_serialization.c159
-rw-r--r--src/credential/credential_serialization.h20
-rw-r--r--src/credential/gnunet-credential.c21
-rw-r--r--src/credential/gnunet-service-credential.c150
-rw-r--r--src/credential/plugin_gnsrecord_credential.c115
-rw-r--r--src/credential/plugin_rest_credential.c258
-rwxr-xr-xsrc/credential/test_credential_issue.sh4
-rw-r--r--src/credential/test_credential_lookup.conf2
-rwxr-xr-xsrc/credential/test_credential_verify_simple.sh2
12 files changed, 532 insertions, 328 deletions
diff --git a/src/credential/Makefile.am b/src/credential/Makefile.am
index 5f3b60270..0d9aed71b 100644
--- a/src/credential/Makefile.am
+++ b/src/credential/Makefile.am
@@ -74,8 +74,9 @@ gnunet_service_credential_LDADD = \
libgnunetcredential_la_SOURCES = \
- credential_api.c credential.h \
- credential_serialization.c
+ credential_api.c \
+ credential_serialization.c \
+ credential_misc.c
libgnunetcredential_la_LIBADD = \
$(top_builddir)/src/util/libgnunetutil.la $(XLIB)
libgnunetcredential_la_LDFLAGS = \
diff --git a/src/credential/credential.h b/src/credential/credential.h
index 3ba8e9c9e..c5c0183cc 100644
--- a/src/credential/credential.h
+++ b/src/credential/credential.h
@@ -103,6 +103,82 @@ struct VerifyResultMessage
};
+struct DelegationRecordData
+{
+ /**
+ * Subject key
+ */
+ struct GNUNET_CRYPTO_EcdsaPublicKey subject_key;
+
+ /**
+ * Subject attributes
+ */
+ uint32_t subject_attribute_len GNUNET_PACKED;
+};
+
+
+struct ChainEntry
+{
+ /**
+ * Issuer key
+ */
+ struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key;
+
+ /**
+ * Subject key
+ */
+ struct GNUNET_CRYPTO_EcdsaPublicKey subject_key;
+
+ /**
+ * Issuer attributes
+ */
+ uint32_t issuer_attribute_len GNUNET_PACKED;
+
+ /**
+ * Subject attributes
+ */
+ uint32_t subject_attribute_len GNUNET_PACKED;
+};
+
+
+struct CredentialEntry
+{
+
+ /**
+ * The signature for this credential by the issuer
+ */
+ struct GNUNET_CRYPTO_EcdsaSignature signature;
+
+ /**
+ * Signature meta
+ */
+ struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
+
+ /**
+ * Public key of the issuer
+ */
+ struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key;
+
+ /**
+ * Public key of the subject this credential was issued to
+ */
+ struct GNUNET_CRYPTO_EcdsaPublicKey subject_key;
+
+ /**
+ * Expiration time of this credential
+ */
+ uint64_t expiration GNUNET_PACKED;
+
+ /**
+ * Issuer attribute length
+ */
+ uint32_t issuer_attribute_len;
+
+ /**
+ * Followed by the attribute string
+ */
+};
+
GNUNET_NETWORK_STRUCT_END
diff --git a/src/credential/credential_api.c b/src/credential/credential_api.c
index d9e01c1d3..e991b4153 100644
--- a/src/credential/credential_api.c
+++ b/src/credential/credential_api.c
@@ -430,52 +430,4 @@ GNUNET_CREDENTIAL_verify (struct GNUNET_CREDENTIAL_Handle *handle,
return vr;
}
-/**
- * Issue an attribute to a subject
- *
- * @param handle handle to the Credential service
- * @param issuer the ego that should be used to issue the attribute
- * @param subject the subject of the attribute
- * @param attribute the name of the attribute
- * @return handle to the queued request
- */
-struct GNUNET_CREDENTIAL_CredentialRecordData *
-GNUNET_CREDENTIAL_issue (struct GNUNET_CREDENTIAL_Handle *handle,
- const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
- struct GNUNET_CRYPTO_EcdsaPublicKey *subject,
- const char *attribute,
- struct GNUNET_TIME_Absolute *expiration)
-{
- struct GNUNET_CREDENTIAL_CredentialRecordData *crd;
-
- crd = GNUNET_malloc (sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData) + strlen (attribute) + 1);
-
- crd->purpose.size = htonl (strlen (attribute) + 1 +
- sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey) +
- sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
- sizeof (uint64_t));
-
- crd->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL);
- GNUNET_CRYPTO_ecdsa_key_get_public (issuer,
- &crd->issuer_key);
- crd->subject_key = *subject;
- crd->expiration = GNUNET_htonll (expiration->abs_value_us);
- GNUNET_memcpy (&crd[1],
- attribute,
- strlen (attribute));
- if (GNUNET_OK !=
- GNUNET_CRYPTO_ecdsa_sign (issuer,
- &crd->purpose,
- &crd->signature))
- {
- GNUNET_break (0);
- GNUNET_free (crd);
- return NULL;
- }
- return crd;
-}
-
-
-
-
/* end of credential_api.c */
diff --git a/src/credential/credential_serialization.c b/src/credential/credential_serialization.c
index b08920d96..0586e6baa 100644
--- a/src/credential/credential_serialization.c
+++ b/src/credential/credential_serialization.c
@@ -29,48 +29,8 @@
#include "gnunet_util_lib.h"
#include "gnunet_constants.h"
#include "gnunet_credential_service.h"
-
-GNUNET_NETWORK_STRUCT_BEGIN
-
-struct DelegationRecordData
-{
- /**
- * Subject key
- */
- struct GNUNET_CRYPTO_EcdsaPublicKey subject_key;
-
- /**
- * Subject attributes
- */
- uint32_t subject_attribute_len GNUNET_PACKED;
-};
-
-
-struct ChainEntry
-{
- /**
- * Issuer key
- */
- struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key;
-
- /**
- * Subject key
- */
- struct GNUNET_CRYPTO_EcdsaPublicKey subject_key;
-
- /**
- * Issuer attributes
- */
- uint32_t issuer_attribute_len GNUNET_PACKED;
-
- /**
- * Subject attributes
- */
- uint32_t subject_attribute_len GNUNET_PACKED;
-};
-
-GNUNET_NETWORK_STRUCT_END
-
+#include "gnunet_signatures.h"
+#include "credential.h"
/**
* Calculate how many bytes we will need to serialize
@@ -83,7 +43,7 @@ GNUNET_NETWORK_STRUCT_END
*/
size_t
GNUNET_CREDENTIAL_delegation_set_get_size (unsigned int ds_count,
- const struct GNUNET_CREDENTIAL_DelegationSetRecord *dsr)
+ const struct GNUNET_CREDENTIAL_DelegationSet *dsr)
{
unsigned int i;
size_t ret;
@@ -110,7 +70,7 @@ GNUNET_CREDENTIAL_delegation_set_get_size (unsigned int ds_count,
*/
ssize_t
GNUNET_CREDENTIAL_delegation_set_serialize (unsigned int d_count,
- const struct GNUNET_CREDENTIAL_DelegationSetRecord *dsr,
+ const struct GNUNET_CREDENTIAL_DelegationSet *dsr,
size_t dest_size,
char *dest)
{
@@ -156,7 +116,7 @@ int
GNUNET_CREDENTIAL_delegation_set_deserialize (size_t len,
const char *src,
unsigned int d_count,
- struct GNUNET_CREDENTIAL_DelegationSetRecord *dsr)
+ struct GNUNET_CREDENTIAL_DelegationSet *dsr)
{
struct DelegationRecordData rec;
unsigned int i;
@@ -173,7 +133,7 @@ GNUNET_CREDENTIAL_delegation_set_deserialize (size_t len,
dsr[i].subject_attribute_len = ntohl ((uint32_t) rec.subject_attribute_len);
if (off + dsr[i].subject_attribute_len > len)
return GNUNET_SYSERR;
- dsr[i].subject_attribute = &src[off];
+ dsr[i].subject_attribute = (char*)&src[off];
off += dsr[i].subject_attribute_len;
}
return GNUNET_OK;
@@ -198,7 +158,7 @@ GNUNET_CREDENTIAL_delegation_chain_get_size (unsigned int d_count,
size_t ret;
ret = sizeof (struct ChainEntry) * (d_count);
- ret += sizeof (struct ChainEntry) * (c_count);
+ ret += sizeof (struct CredentialEntry) * (c_count);
for (i=0; i<d_count;i++)
{
@@ -235,6 +195,7 @@ GNUNET_CREDENTIAL_delegation_chain_serialize (unsigned int d_count,
char *dest)
{
struct ChainEntry rec;
+ struct CredentialEntry c_rec;
unsigned int i;
size_t off;
@@ -268,16 +229,19 @@ GNUNET_CREDENTIAL_delegation_chain_serialize (unsigned int d_count,
}
for (i=0;i<c_count;i++)
{
- rec.issuer_attribute_len = htonl ((uint32_t) cd[i].issuer_attribute_len);
- rec.subject_attribute_len = htonl (0);
- rec.issuer_key = cd[i].issuer_key;
- rec.subject_key = cd[i].subject_key;
- if (off + sizeof (rec) > dest_size)
+ c_rec.issuer_attribute_len = htonl ((uint32_t) cd[i].issuer_attribute_len);
+ c_rec.issuer_key = cd[i].issuer_key;
+ c_rec.subject_key = cd[i].subject_key;
+ c_rec.signature = cd[i].signature;
+ c_rec.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL);
+ c_rec.purpose.size = htonl ((sizeof (struct CredentialEntry) + cd[i].issuer_attribute_len) - sizeof (struct GNUNET_CRYPTO_EcdsaSignature));
+ c_rec.expiration = htonl ((uint32_t) cd[i].expiration.abs_value_us);
+ if (off + sizeof (c_rec) > dest_size)
return -1;
GNUNET_memcpy (&dest[off],
- &rec,
- sizeof (rec));
- off += sizeof (rec);
+ &c_rec,
+ sizeof (c_rec));
+ off += sizeof (c_rec);
if (off + cd[i].issuer_attribute_len > dest_size)
return -1;
GNUNET_memcpy (&dest[off],
@@ -310,6 +274,7 @@ GNUNET_CREDENTIAL_delegation_chain_deserialize (size_t len,
struct GNUNET_CREDENTIAL_Credential *cd)
{
struct ChainEntry rec;
+ struct CredentialEntry c_rec;
unsigned int i;
size_t off;
@@ -335,13 +300,15 @@ GNUNET_CREDENTIAL_delegation_chain_deserialize (size_t len,
}
for (i=0;i<c_count;i++)
{
- if (off + sizeof (rec) > len)
+ if (off + sizeof (c_rec) > len)
return GNUNET_SYSERR;
- GNUNET_memcpy (&rec, &src[off], sizeof (rec));
- cd[i].issuer_attribute_len = ntohl ((uint32_t) rec.issuer_attribute_len);
- cd[i].issuer_key = rec.issuer_key;
- cd[i].subject_key = rec.subject_key;
- off += sizeof (rec);
+ GNUNET_memcpy (&c_rec, &src[off], sizeof (c_rec));
+ cd[i].issuer_attribute_len = ntohl ((uint32_t) c_rec.issuer_attribute_len);
+ cd[i].issuer_key = c_rec.issuer_key;
+ cd[i].subject_key = c_rec.subject_key;
+ cd[i].signature = c_rec.signature;
+ cd[i].expiration.abs_value_us = ntohl((uint32_t) c_rec.expiration);
+ off += sizeof (c_rec);
if (off + cd[i].issuer_attribute_len > len)
return GNUNET_SYSERR;
cd[i].issuer_attribute = &src[off];
@@ -350,4 +317,74 @@ GNUNET_CREDENTIAL_delegation_chain_deserialize (size_t len,
return GNUNET_OK;
}
+
+int
+GNUNET_CREDENTIAL_credential_serialize (struct GNUNET_CREDENTIAL_Credential *cred,
+ char **data)
+{
+ size_t size;
+ struct CredentialEntry *cdata;
+
+ size = sizeof (struct CredentialEntry) + strlen (cred->issuer_attribute) + 1;
+ *data = GNUNET_malloc (size);
+ cdata = (struct CredentialEntry*)*data;
+ cdata->subject_key = cred->subject_key;
+ cdata->issuer_key = cred->issuer_key;
+ cdata->expiration = GNUNET_htonll (cred->expiration.abs_value_us);
+ cdata->signature = cred->signature;
+ cdata->issuer_attribute_len = htonl (strlen (cred->issuer_attribute) + 1);
+ cdata->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL);
+ cdata->purpose.size = htonl (size - sizeof (struct GNUNET_CRYPTO_EcdsaSignature));
+ GNUNET_memcpy (&cdata[1],
+ cred->issuer_attribute,
+ strlen (cred->issuer_attribute));
+
+ if(GNUNET_OK != GNUNET_CRYPTO_ecdsa_verify(GNUNET_SIGNATURE_PURPOSE_CREDENTIAL,
+ &cdata->purpose,
+ &cdata->signature,
+ &cdata->issuer_key))
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+ "Invalid credential\n");
+ //return NULL;
+ }
+ return size;
+}
+
+struct GNUNET_CREDENTIAL_Credential*
+GNUNET_CREDENTIAL_credential_deserialize (const char* data,
+ size_t data_size)
+{
+ struct GNUNET_CREDENTIAL_Credential *cred;
+ struct CredentialEntry *cdata;
+ char *issuer_attribute;
+
+ if (data_size < sizeof (struct CredentialEntry))
+ return NULL;
+ cdata = (struct CredentialEntry*)data;
+ if(GNUNET_OK != GNUNET_CRYPTO_ecdsa_verify(GNUNET_SIGNATURE_PURPOSE_CREDENTIAL,
+ &cdata->purpose,
+ &cdata->signature,
+ &cdata->issuer_key))
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+ "Invalid credential\n");
+ //return NULL;
+ }
+ issuer_attribute = (char*)&cdata[1];
+
+ cred = GNUNET_malloc (sizeof (struct GNUNET_CREDENTIAL_Credential) + ntohl(cdata->issuer_attribute_len));
+
+ cred->issuer_key = cdata->issuer_key;
+ cred->subject_key = cdata->subject_key;
+ GNUNET_memcpy (&cred[1],
+ issuer_attribute,
+ ntohl (cdata->issuer_attribute_len));
+ cred->signature = cdata->signature;
+ cred->issuer_attribute = (char*)&cred[1];
+ cred->expiration.abs_value_us = GNUNET_ntohll (cdata->expiration);
+ return cred;
+}
+
+
/* end of credential_serialization.c */
diff --git a/src/credential/credential_serialization.h b/src/credential/credential_serialization.h
index 39ac0103b..eb1327f34 100644
--- a/src/credential/credential_serialization.h
+++ b/src/credential/credential_serialization.h
@@ -25,6 +25,9 @@
* and credentials
* @author Martin Schanzenbach
*/
+#ifndef CREDENTIAL_SERIALIZATION_H
+#define CREDENTIAL_SERIALIZATION_H
+
#include "platform.h"
#include "gnunet_util_lib.h"
#include "gnunet_constants.h"
@@ -40,7 +43,7 @@
*/
size_t
GNUNET_CREDENTIAL_delegation_set_get_size (unsigned int ds_count,
- const struct GNUNET_CREDENTIAL_DelegationSetRecord *dsr);
+ const struct GNUNET_CREDENTIAL_DelegationSet *dsr);
/**
* Serizalize the given delegation record entries
@@ -53,7 +56,7 @@ GNUNET_CREDENTIAL_delegation_set_get_size (unsigned int ds_count,
*/
ssize_t
GNUNET_CREDENTIAL_delegation_set_serialize (unsigned int d_count,
- const struct GNUNET_CREDENTIAL_DelegationSetRecord *dsr,
+ const struct GNUNET_CREDENTIAL_DelegationSet *dsr,
size_t dest_size,
char *dest);
@@ -71,7 +74,7 @@ int
GNUNET_CREDENTIAL_delegation_set_deserialize (size_t len,
const char *src,
unsigned int d_count,
- struct GNUNET_CREDENTIAL_DelegationSetRecord *dsr);
+ struct GNUNET_CREDENTIAL_DelegationSet *dsr);
/**
* Calculate how many bytes we will need to serialize
@@ -127,4 +130,13 @@ GNUNET_CREDENTIAL_delegation_set_deserialize (size_t len,
struct GNUNET_CREDENTIAL_Delegation *dd,
unsigned int c_count,
struct GNUNET_CREDENTIAL_Credential *cd);
- /* end of credential_serialization.h */
+
+int
+GNUNET_CREDENTIAL_credential_serialize (struct GNUNET_CREDENTIAL_Credential *cred,
+ char **data);
+
+struct GNUNET_CREDENTIAL_Credential*
+GNUNET_CREDENTIAL_credential_deserialize (const char* data,
+ size_t data_size);
+#endif
+/* end of credential_serialization.h */
diff --git a/src/credential/gnunet-credential.c b/src/credential/gnunet-credential.c
index a743458d5..b31c2f66e 100644
--- a/src/credential/gnunet-credential.c
+++ b/src/credential/gnunet-credential.c
@@ -26,6 +26,8 @@
#include <gnunet_util_lib.h>
#include <gnunet_credential_service.h>
#include <gnunet_gnsrecord_lib.h>
+#include "credential_misc.h"
+#include "credential_serialization.h"
/**
* Configuration we are using.
@@ -220,7 +222,7 @@ identity_cb (void *cls,
const struct GNUNET_IDENTITY_Ego *ego)
{
const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey;
- struct GNUNET_CREDENTIAL_CredentialRecordData *crd;
+ struct GNUNET_CREDENTIAL_Credential *crd;
struct GNUNET_TIME_Absolute etime_abs;
struct GNUNET_TIME_Relative etime_rel;
char *res;
@@ -261,14 +263,13 @@ identity_cb (void *cls,
privkey = GNUNET_IDENTITY_ego_get_private_key (ego);
GNUNET_free_non_null (issuer_ego_name);
issuer_ego_name = NULL;
- crd = GNUNET_CREDENTIAL_issue (credential,
- privkey,
- &subject_pkey,
- issuer_attr,
- &etime_abs);
- res = GNUNET_GNSRECORD_value_to_string (GNUNET_GNSRECORD_TYPE_CREDENTIAL,
- crd,
- sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData) + strlen (issuer_attr) + 1);
+ crd = GNUNET_CREDENTIAL_credential_issue (privkey,
+ &subject_pkey,
+ issuer_attr,
+ &etime_abs);
+
+ res = GNUNET_CREDENTIAL_credential_to_string (crd);
+ GNUNET_free (crd);
printf ("%s\n", res);
GNUNET_SCHEDULER_shutdown ();
}
@@ -354,7 +355,7 @@ run (void *cls,
_("You must provide issuer and subject attributes\n"));
GNUNET_SCHEDULER_shutdown ();
}
-
+
printf ("Trying to find a chain from a credential under %s of %s to the attribute %s issued by %s\n",
subject_credential, subject_key, issuer_attr, issuer_key);
diff --git a/src/credential/gnunet-service-credential.c b/src/credential/gnunet-service-credential.c
index 2b3eb8b4c..55907e0d7 100644
--- a/src/credential/gnunet-service-credential.c
+++ b/src/credential/gnunet-service-credential.c
@@ -46,7 +46,7 @@
struct VerifyRequestHandle;
-struct DelegationSetEntry;
+struct DelegationSetQueueEntry;
struct DelegationChainEntry
@@ -101,12 +101,7 @@ struct CredentialRecordEntry
/**
* Payload
*/
- struct GNUNET_CREDENTIAL_CredentialRecordData *data;
-
- /**
- * Size
- */
- uint64_t data_size;
+ struct GNUNET_CREDENTIAL_Credential *credential;
};
/**
@@ -128,17 +123,17 @@ struct DelegationQueueEntry
/**
* Sets under this Queue
*/
- struct DelegationSetEntry *set_entries_head;
+ struct DelegationSetQueueEntry *set_entries_head;
/**
* Sets under this Queue
*/
- struct DelegationSetEntry *set_entries_tail;
+ struct DelegationSetQueueEntry *set_entries_tail;
/**
* Parent set
*/
- struct DelegationSetEntry *parent_set;
+ struct DelegationSetQueueEntry *parent_set;
/**
* Required solutions
@@ -150,17 +145,17 @@ struct DelegationQueueEntry
* DLL for delegation sets
* Used for AND delegation set
*/
-struct DelegationSetEntry
+struct DelegationSetQueueEntry
{
/**
* DLL
*/
- struct DelegationSetEntry *next;
+ struct DelegationSetQueueEntry *next;
/**
* DLL
*/
- struct DelegationSetEntry *prev;
+ struct DelegationSetQueueEntry *prev;
/**
* GNS handle
@@ -299,7 +294,7 @@ struct VerifyRequestHandle
/**
* Root Delegation Set
*/
- struct DelegationSetEntry *root_set;
+ struct DelegationSetQueueEntry *root_set;
/**
* Current Delegation Pointer
@@ -307,16 +302,6 @@ struct VerifyRequestHandle
struct DelegationQueueEntry *current_delegation;
/**
- * The found credential
- */
- struct GNUNET_CREDENTIAL_CredentialRecordData *credential;
-
- /**
- * Length of the credential
- */
- uint32_t credential_size;
-
- /**
* request id
*/
uint32_t request_id;
@@ -351,10 +336,10 @@ static struct GNUNET_GNS_Handle *gns;
static void
-cleanup_delegation_set (struct DelegationSetEntry *ds_entry)
+cleanup_delegation_set (struct DelegationSetQueueEntry *ds_entry)
{
struct DelegationQueueEntry *dq_entry;
- struct DelegationSetEntry *child;
+ struct DelegationSetQueueEntry *child;
if (NULL == ds_entry)
return;
@@ -414,8 +399,6 @@ cleanup_handle (struct VerifyRequestHandle *vrh)
GNUNET_GNS_lookup_cancel (vrh->lookup_request);
vrh->lookup_request = NULL;
}
- if (NULL != vrh->credential)
- GNUNET_free (vrh->credential);
cleanup_delegation_set (vrh->root_set);
if (NULL != vrh->issuer_attribute)
GNUNET_free (vrh->issuer_attribute);
@@ -426,8 +409,8 @@ cleanup_handle (struct VerifyRequestHandle *vrh)
GNUNET_CONTAINER_DLL_remove (vrh->cred_chain_head,
vrh->cred_chain_tail,
cr_entry);
- if (NULL != cr_entry->data)
- GNUNET_free (cr_entry->data);
+ if (NULL != cr_entry->credential);
+ GNUNET_free (cr_entry->credential);
GNUNET_free (cr_entry);
}
GNUNET_free (vrh);
@@ -518,48 +501,45 @@ send_lookup_response (struct VerifyRequestHandle *vrh)
struct GNUNET_MQ_Envelope *env;
struct VerifyResultMessage *rmsg;
struct DelegationChainEntry *dce;
- size_t size = vrh->credential_size;
struct GNUNET_CREDENTIAL_Delegation dd[vrh->delegation_chain_size];
struct GNUNET_CREDENTIAL_Credential cred[vrh->cred_chain_size];
- struct GNUNET_CREDENTIAL_CredentialRecordData *crd;
struct CredentialRecordEntry *cd;
+ size_t size;
int i;
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Sending response\n");
- i = 0;
- for (dce = vrh->delegation_chain_head;
- NULL != dce;
- dce = dce->next)
+ dce = vrh->delegation_chain_head;
+ for (i=0;i<vrh->delegation_chain_size;i++)
{
dd[i].issuer_key = dce->issuer_key;
dd[i].subject_key = dce->subject_key;
dd[i].issuer_attribute = dce->issuer_attribute;
dd[i].issuer_attribute_len = strlen (dce->issuer_attribute)+1;
dd[i].subject_attribute_len = 0;
+ dd[i].subject_attribute = NULL;
if (NULL != dce->subject_attribute)
{
dd[i].subject_attribute = dce->subject_attribute;
dd[i].subject_attribute_len = strlen(dce->subject_attribute)+1;
}
- i++;
+ dce = dce->next;
}
/**
* Get serialized record data
* Append at the end of rmsg
*/
- i = 0;
- for (cd = vrh->cred_chain_head;
- NULL != cd;
- cd = cd->next)
+ cd = vrh->cred_chain_head;
+ for (i=0;i<vrh->cred_chain_size;i++)
{
- crd = cd->data;
- cred[i].issuer_key = crd->issuer_key;
- cred[i].subject_key = crd->subject_key;
- cred[i].issuer_attribute_len = strlen((char*)&crd[1])+1;
- cred[i].issuer_attribute = (char*)&crd[1];
- i++;
+ cred[i].issuer_key = cd->credential->issuer_key;
+ cred[i].subject_key = cd->credential->subject_key;
+ cred[i].issuer_attribute_len = strlen(cd->credential->issuer_attribute)+1;
+ cred[i].issuer_attribute = cd->credential->issuer_attribute;
+ cred[i].expiration = cd->credential->expiration;
+ cred[i].signature = cd->credential->signature;
+ cd = cd->next;
}
size = GNUNET_CREDENTIAL_delegation_chain_get_size (vrh->delegation_chain_size,
dd,
@@ -573,18 +553,18 @@ send_lookup_response (struct VerifyRequestHandle *vrh)
rmsg->d_count = htonl (vrh->delegation_chain_size);
rmsg->c_count = htonl (vrh->cred_chain_size);
- if (NULL != vrh->credential)
+ if (0 < vrh->cred_chain_size)
rmsg->cred_found = htonl (GNUNET_YES);
else
rmsg->cred_found = htonl (GNUNET_NO);
GNUNET_assert (-1 !=
- GNUNET_CREDENTIAL_delegation_chain_serialize (vrh->delegation_chain_size,
- dd,
- vrh->cred_chain_size,
- cred,
- size,
- (char*)&rmsg[1]));
+ GNUNET_CREDENTIAL_delegation_chain_serialize (vrh->delegation_chain_size,
+ dd,
+ vrh->cred_chain_size,
+ cred,
+ size,
+ (char*)&rmsg[1]));
GNUNET_MQ_send (GNUNET_SERVICE_client_get_mq(vrh->client),
env);
@@ -604,12 +584,11 @@ backward_resolution (void* cls,
{
struct VerifyRequestHandle *vrh;
- struct GNUNET_CREDENTIAL_CredentialRecordData *cred;
- const struct GNUNET_CREDENTIAL_DelegationRecordData *sets;
+ const struct GNUNET_CREDENTIAL_DelegationRecord *sets;
struct CredentialRecordEntry *cred_pointer;
- struct DelegationSetEntry *current_set;
- struct DelegationSetEntry *ds_entry;
- struct DelegationSetEntry *tmp_set;
+ struct DelegationSetQueueEntry *current_set;
+ struct DelegationSetQueueEntry *ds_entry;
+ struct DelegationSetQueueEntry *tmp_set;
struct DelegationQueueEntry *dq_entry;
char *expanded_attr;
char *lookup_attribute;
@@ -631,15 +610,15 @@ backward_resolution (void* cls,
continue;
sets = rd[i].data;
- struct GNUNET_CREDENTIAL_DelegationSetRecord set[ntohl(sets->set_count)];
+ struct GNUNET_CREDENTIAL_DelegationSet set[ntohl(sets->set_count)];
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Found new attribute delegation with %d sets. Creating new Job...\n",
- ntohl (sets->set_count));
+ ntohl (sets->set_count));
if (GNUNET_OK !=GNUNET_CREDENTIAL_delegation_set_deserialize (GNUNET_ntohll(sets->data_size),
- (const char*)&sets[1],
- ntohl(sets->set_count),
- set))
+ (const char*)&sets[1],
+ ntohl(sets->set_count),
+ set))
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Failed to deserialize!\n");
@@ -654,7 +633,7 @@ backward_resolution (void* cls,
// Each AND
for (j=0; j<ntohl(sets->set_count); j++)
{
- ds_entry = GNUNET_new (struct DelegationSetEntry);
+ ds_entry = GNUNET_new (struct DelegationSetQueueEntry);
if (NULL != current_set->attr_trailer)
{
if (0 == set[j].subject_attribute_len)
@@ -706,16 +685,17 @@ backward_resolution (void* cls,
for(cred_pointer = vrh->cred_chain_head; cred_pointer != NULL;
cred_pointer = cred_pointer->next)
{
- cred = cred_pointer->data;
if(0 != memcmp (&set->subject_key,
- &cred_pointer->data->issuer_key,
+ &cred_pointer->credential->issuer_key,
sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)))
continue;
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Checking if %s matches %s\n",
- ds_entry->unresolved_attribute_delegation, (char*)&cred[1]);
+ ds_entry->unresolved_attribute_delegation,
+ cred_pointer->credential->issuer_attribute);
- if (0 != strcmp (ds_entry->unresolved_attribute_delegation, (char*)&cred[1]))
+ if (0 != strcmp (ds_entry->unresolved_attribute_delegation,
+ cred_pointer->credential->issuer_attribute))
continue;
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
@@ -742,11 +722,6 @@ backward_resolution (void* cls,
{
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"All solutions found\n");
- vrh->credential = GNUNET_malloc (cred_pointer->data_size);
- memcpy (vrh->credential,
- cred,
- cred_pointer->data_size);
- vrh->credential_size = cred_pointer->data_size;
//Found match
send_lookup_response (vrh);
return;
@@ -822,8 +797,8 @@ handle_credential_query (void* cls,
const struct GNUNET_GNSRECORD_Data *rd)
{
struct VerifyRequestHandle *vrh = cls;
- struct DelegationSetEntry *ds_entry;
- const struct GNUNET_CREDENTIAL_CredentialRecordData *crd;
+ struct DelegationSetQueueEntry *ds_entry;
+ struct GNUNET_CREDENTIAL_Credential *crd;
struct CredentialRecordEntry *cr_entry;
int cred_record_count;
int i;
@@ -835,22 +810,16 @@ handle_credential_query (void* cls,
if (GNUNET_GNSRECORD_TYPE_CREDENTIAL != rd[i].record_type)
continue;
cred_record_count++;
- crd = rd[i].data;
- if(GNUNET_OK != GNUNET_CRYPTO_ecdsa_verify(GNUNET_SIGNATURE_PURPOSE_CREDENTIAL,
- &crd->purpose,
- &crd->signature,
- &crd->issuer_key))
+ crd = GNUNET_CREDENTIAL_credential_deserialize (rd[i].data,
+ rd[i].data_size);
+ if (NULL == crd)
{
GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
"Invalid credential found\n");
continue;
}
cr_entry = GNUNET_new (struct CredentialRecordEntry);
- cr_entry->data = GNUNET_malloc (rd[i].data_size);
- memcpy (cr_entry->data,
- crd,
- rd[i].data_size);
- cr_entry->data_size = rd[i].data_size;
+ cr_entry->credential = crd;
GNUNET_CONTAINER_DLL_insert_tail (vrh->cred_chain_head,
vrh->cred_chain_tail,
cr_entry);
@@ -860,13 +829,8 @@ handle_credential_query (void* cls,
&vrh->issuer_key,
sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)))
continue;
- if (0 != strcmp ((char*)&crd[1], vrh->issuer_attribute))
+ if (0 != strcmp (crd->issuer_attribute, vrh->issuer_attribute))
continue;
- vrh->credential = GNUNET_malloc (rd[i].data_size);
- memcpy (vrh->credential,
- rd[i].data,
- rd[i].data_size);
- vrh->credential_size = rd[i].data_size;
//Found match prematurely
send_lookup_response (vrh);
return;
@@ -884,7 +848,7 @@ handle_credential_query (void* cls,
".gnu");
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Looking up %s\n", issuer_attribute_name);
- ds_entry = GNUNET_new (struct DelegationSetEntry);
+ ds_entry = GNUNET_new (struct DelegationSetQueueEntry);
ds_entry->issuer_key = GNUNET_new (struct GNUNET_CRYPTO_EcdsaPublicKey);
memcpy (ds_entry->issuer_key,
&vrh->issuer_key,
diff --git a/src/credential/plugin_gnsrecord_credential.c b/src/credential/plugin_gnsrecord_credential.c
index 1358afdb1..5c3c03832 100644
--- a/src/credential/plugin_gnsrecord_credential.c
+++ b/src/credential/plugin_gnsrecord_credential.c
@@ -31,7 +31,7 @@
#include "gnunet_gnsrecord_plugin.h"
#include "gnunet_signatures.h"
#include "credential_serialization.h"
-
+#include "credential_misc.h"
/**
* Convert the 'value' of a record to a string.
@@ -55,18 +55,18 @@ credential_value_to_string (void *cls,
{
case GNUNET_GNSRECORD_TYPE_ATTRIBUTE:
{
- struct GNUNET_CREDENTIAL_DelegationRecordData sets;
+ struct GNUNET_CREDENTIAL_DelegationRecord sets;
char *attr_str;
char *subject_pkey;
char *tmp_str;
int i;
- if (data_size < sizeof (struct GNUNET_CREDENTIAL_DelegationRecordData))
+ if (data_size < sizeof (struct GNUNET_CREDENTIAL_DelegationRecord))
return NULL; /* malformed */
memcpy (&sets,
data,
sizeof (sets));
cdata = data;
- struct GNUNET_CREDENTIAL_DelegationSetRecord set[ntohl(sets.set_count)];
+ struct GNUNET_CREDENTIAL_DelegationSet set[ntohl(sets.set_count)];
if (GNUNET_OK != GNUNET_CREDENTIAL_delegation_set_deserialize (GNUNET_ntohll (sets.data_size),
&cdata[sizeof (sets)],
ntohl (sets.set_count),
@@ -116,38 +116,13 @@ credential_value_to_string (void *cls,
}
case GNUNET_GNSRECORD_TYPE_CREDENTIAL:
{
- struct GNUNET_CREDENTIAL_CredentialRecordData cred;
- struct GNUNET_TIME_Absolute etime_abs;
+ struct GNUNET_CREDENTIAL_Credential *cred;
char *cred_str;
- char *subject_pkey;
- char *issuer_pkey;
- char *signature;
- const char *expiration;
-
- if (data_size < sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData))
- return NULL; /* malformed */
- memcpy (&cred,
- data,
- sizeof (cred));
- cdata = data;
- subject_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred.subject_key);
- issuer_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred.issuer_key);
- etime_abs.abs_value_us = GNUNET_ntohll(cred.expiration);
- expiration = GNUNET_STRINGS_absolute_time_to_string (etime_abs);
- GNUNET_STRINGS_base64_encode ((char*)&cred.signature,
- sizeof (struct GNUNET_CRYPTO_EcdsaSignature),
- &signature);
- GNUNET_asprintf (&cred_str,
- "%s.%s -> %s | %s | %s",
- issuer_pkey,
- &cdata[sizeof (cred)],
- subject_pkey,
- signature,
- expiration);
- GNUNET_free (subject_pkey);
- GNUNET_free (issuer_pkey);
- GNUNET_free (signature);
+ cred = GNUNET_CREDENTIAL_credential_deserialize (data,
+ data_size);
+ cred_str = GNUNET_CREDENTIAL_credential_to_string (cred);
+ GNUNET_free (cred);
return cred_str;
}
default:
@@ -180,7 +155,7 @@ credential_string_to_value (void *cls,
{
case GNUNET_GNSRECORD_TYPE_ATTRIBUTE:
{
- struct GNUNET_CREDENTIAL_DelegationRecordData *sets;
+ struct GNUNET_CREDENTIAL_DelegationRecord *sets;
char attr_str[253 + 1];
char subject_pkey[52 + 1];
char *token;
@@ -194,7 +169,7 @@ credential_string_to_value (void *cls,
token = strtok (tmp_str, ",");
entries = 0;
tmp_data_size = 0;
- *data_size = sizeof (struct GNUNET_CREDENTIAL_DelegationRecordData);
+ *data_size = sizeof (struct GNUNET_CREDENTIAL_DelegationRecord);
while (NULL != token)
{
matches = SSCANF (token,
@@ -210,9 +185,9 @@ credential_string_to_value (void *cls,
return GNUNET_SYSERR;
}
if (1 == matches) {
- tmp_data_size += sizeof (struct GNUNET_CREDENTIAL_DelegationSetRecord);
+ tmp_data_size += sizeof (struct GNUNET_CREDENTIAL_DelegationRecordSet);
} else if (2 == matches) {
- tmp_data_size += sizeof (struct GNUNET_CREDENTIAL_DelegationSetRecord) + strlen (attr_str) + 1;
+ tmp_data_size += sizeof (struct GNUNET_CREDENTIAL_DelegationRecordSet) + strlen (attr_str) + 1;
}
entries++;
token = strtok (NULL, ",");
@@ -220,8 +195,7 @@ credential_string_to_value (void *cls,
GNUNET_free (tmp_str);
tmp_str = GNUNET_strdup (s);
token = strtok (tmp_str, ",");
- struct GNUNET_CREDENTIAL_DelegationSetRecord *set;
- set = GNUNET_malloc (entries * sizeof (struct GNUNET_CREDENTIAL_DelegationSetRecord));
+ struct GNUNET_CREDENTIAL_DelegationSet set[entries];
for (i=0;i<entries;i++)
{
matches = SSCANF (token,
@@ -239,6 +213,7 @@ credential_string_to_value (void *cls,
}
tmp_data_size = GNUNET_CREDENTIAL_delegation_set_get_size (entries,
set);
+
if (-1 == tmp_data_size)
return GNUNET_SYSERR;
*data_size += tmp_data_size;
@@ -247,6 +222,11 @@ credential_string_to_value (void *cls,
set,
tmp_data_size,
(char*)&sets[1]);
+ for (i=0;i<entries;i++)
+ {
+ if (0 != set[i].subject_attribute_len)
+ GNUNET_free ((char*)set[i].subject_attribute);
+ }
sets->set_count = htonl (entries);
sets->data_size = GNUNET_htonll (tmp_data_size);
@@ -255,58 +235,11 @@ credential_string_to_value (void *cls,
}
case GNUNET_GNSRECORD_TYPE_CREDENTIAL:
{
- struct GNUNET_CREDENTIAL_CredentialRecordData *cred;
-
- size_t enclen = (sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)) * 8;
- if (enclen % 5 > 0)
- enclen += 5 - enclen % 5;
- enclen /= 5; /* 260/5 = 52 */
- char subject_pkey[enclen + 1];
- char issuer_pkey[enclen + 1];
- char name[253 + 1];
- char signature[128]; //TODO max payload size
- char expiration[256];
-
- struct GNUNET_CRYPTO_EcdsaSignature *sig;
- struct GNUNET_TIME_Absolute etime_abs;
-
- if (5 != SSCANF (s,
- "%52s.%253s -> %52s | %s | %255[0-9a-zA-Z: ]",
- issuer_pkey,
- name,
- subject_pkey,
- signature,
- expiration))
- {
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- _("Unable to parse CRED record string `%s'\n"),
- s);
- return GNUNET_SYSERR;
- }
- *data_size = sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData) + strlen (name) + 1;
- *data = cred = GNUNET_malloc (*data_size);
- GNUNET_CRYPTO_ecdsa_public_key_from_string (subject_pkey,
- strlen (subject_pkey),
- &cred->subject_key);
- GNUNET_CRYPTO_ecdsa_public_key_from_string (issuer_pkey,
- strlen (issuer_pkey),
- &cred->issuer_key);
- GNUNET_STRINGS_fancy_time_to_absolute (expiration,
- &etime_abs);
- GNUNET_STRINGS_base64_decode (signature,
- strlen (signature),
- (char**)&sig);
- cred->signature = *sig;
- cred->expiration = GNUNET_htonll (etime_abs.abs_value_us);
- cred->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL);
- cred->purpose.size = htonl (strlen (name) + 1 + sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
- sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey) + sizeof (uint64_t));
- GNUNET_free (sig);
- GNUNET_memcpy (&cred[1],
- name,
- strlen (name));
-
+ struct GNUNET_CREDENTIAL_Credential *cred;
+ cred = GNUNET_CREDENTIAL_credential_from_string (s);
+ *data_size = GNUNET_CREDENTIAL_credential_serialize (cred,
+ (char**)data);
return GNUNET_OK;
}
default:
diff --git a/src/credential/plugin_rest_credential.c b/src/credential/plugin_rest_credential.c
index 11e6fb276..2df65d7ad 100644
--- a/src/credential/plugin_rest_credential.c
+++ b/src/credential/plugin_rest_credential.c
@@ -37,6 +37,14 @@
#define GNUNET_REST_API_NS_CREDENTIAL "/credential"
+#define GNUNET_REST_API_NS_CREDENTIAL_ISSUE "/credential/issue"
+
+#define GNUNET_REST_API_NS_CREDENTIAL_VERIFY "/credential/verify"
+
+#define GNUNET_REST_JSONAPI_CREDENTIAL_EXPIRATION "expiration"
+
+#define GNUNET_REST_JSONAPI_CREDENTIAL_SUBJECT_KEY "subject_key"
+
#define GNUNET_REST_JSONAPI_CREDENTIAL "credential"
#define GNUNET_REST_JSONAPI_CREDENTIAL_TYPEINFO "credential"
@@ -57,7 +65,7 @@ struct Plugin
const struct GNUNET_CONFIGURATION_Handle *cfg;
-struct VerifyHandle
+struct RequestHandle
{
/**
* Handle to Credential service.
@@ -70,6 +78,21 @@ struct VerifyHandle
struct GNUNET_CREDENTIAL_Request *verify_request;
/**
+ * Handle to issue request
+ */
+ struct GNUNET_CREDENTIAL_Request *issue_request;
+
+ /**
+ * Handle to identity
+ */
+ struct GNUNET_IDENTITY_Handle *identity;
+
+ /**
+ * Handle to identity operation
+ */
+ struct GNUNET_IDENTITY_Operation *id_op;
+
+ /**
* Handle to rest request
*/
struct GNUNET_REST_RequestHandle *rest_handle;
@@ -133,7 +156,7 @@ struct VerifyHandle
* @param handle Handle to clean up
*/
static void
-cleanup_handle (struct VerifyHandle *handle)
+cleanup_handle (struct RequestHandle *handle)
{
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Cleaning up\n");
@@ -145,16 +168,13 @@ cleanup_handle (struct VerifyHandle *handle)
if (NULL != handle->subject_attr)
GNUNET_free (handle->subject_attr);
if (NULL != handle->verify_request)
- {
GNUNET_CREDENTIAL_verify_cancel (handle->verify_request);
- handle->verify_request = NULL;
- }
if (NULL != handle->credential)
- {
GNUNET_CREDENTIAL_disconnect (handle->credential);
- handle->credential = NULL;
- }
-
+ if (NULL != handle->id_op)
+ GNUNET_IDENTITY_cancel (handle->id_op);
+ if (NULL != handle->identity)
+ GNUNET_IDENTITY_disconnect (handle->identity);
if (NULL != handle->timeout_task)
{
GNUNET_SCHEDULER_cancel (handle->timeout_task);
@@ -172,7 +192,7 @@ cleanup_handle (struct VerifyHandle *handle)
static void
do_error (void *cls)
{
- struct VerifyHandle *handle = cls;
+ struct RequestHandle *handle = cls;
struct MHD_Response *resp;
resp = GNUNET_REST_create_response (NULL);
@@ -280,7 +300,7 @@ handle_verify_response (void *cls,
struct GNUNET_CREDENTIAL_Credential *cred)
{
- struct VerifyHandle *handle = cls;
+ struct RequestHandle *handle = cls;
struct MHD_Response *resp;
struct GNUNET_JSONAPI_Document *json_document;
struct GNUNET_JSONAPI_Resource *json_resource;
@@ -355,7 +375,7 @@ verify_cred_cont (struct GNUNET_REST_RequestHandle *conndata_handle,
const char* url,
void *cls)
{
- struct VerifyHandle *handle = cls;
+ struct RequestHandle *handle = cls;
struct GNUNET_HashCode key;
char *tmp;
char *entity_attr;
@@ -478,6 +498,213 @@ verify_cred_cont (struct GNUNET_REST_RequestHandle *conndata_handle,
}
+void
+send_cred_response (struct RequestHandle *handle,
+ struct GNUNET_CREDENTIAL_Credential *cred)
+{
+ struct MHD_Response *resp;
+ struct GNUNET_JSONAPI_Document *json_document;
+ struct GNUNET_JSONAPI_Resource *json_resource;
+ json_t *cred_obj;
+ char *result;
+ char *issuer;
+ char *subject;
+ char *signature;
+ char *id;
+
+ GNUNET_assert (NULL == cred);
+ issuer = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred->issuer_key);
+ if (NULL == issuer)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Subject malformed\n");
+ return;
+ }
+ GNUNET_asprintf (&id,
+ "%s.%s",
+ issuer,
+ (char*)&cred[1]);
+ subject = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred->subject_key);
+ if (NULL == subject)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Subject malformed\n");
+ return;
+ }
+ GNUNET_STRINGS_base64_encode ((char*)&cred->signature,
+ sizeof (struct GNUNET_CRYPTO_EcdsaSignature),
+ &signature);
+ json_document = GNUNET_JSONAPI_document_new ();
+ json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_CREDENTIAL_TYPEINFO,
+ id);
+ GNUNET_free (id);
+ cred_obj = json_object();
+ json_object_set_new (cred_obj, "issuer", json_string (issuer));
+ json_object_set_new (cred_obj, "subject", json_string (subject));
+ json_object_set_new (cred_obj, "expiration", json_integer( cred->expiration.abs_value_us));
+ json_object_set_new (cred_obj, "signature", json_string (signature));
+ GNUNET_JSONAPI_resource_add_attr (json_resource,
+ GNUNET_REST_JSONAPI_CREDENTIAL,
+ cred_obj);
+ GNUNET_JSONAPI_document_resource_add (json_document, json_resource);
+ GNUNET_JSONAPI_document_serialize (json_document, &result);
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "Result %s\n",
+ result);
+ json_decref (cred_obj);
+ GNUNET_JSONAPI_document_delete (json_document);
+ resp = GNUNET_REST_create_response (result);
+ handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
+ GNUNET_free (result);
+ GNUNET_free (signature);
+ GNUNET_free (issuer);
+ GNUNET_free (subject);
+ cleanup_handle (handle);
+}
+
+void
+get_cred_issuer_cb (void *cls,
+ struct GNUNET_IDENTITY_Ego *ego,
+ void **ctx,
+ const char *name)
+{
+ struct RequestHandle *handle = cls;
+ struct GNUNET_TIME_Absolute etime_abs;
+ struct GNUNET_TIME_Relative etime_rel;
+ const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer_key;
+ struct GNUNET_HashCode key;
+ struct GNUNET_CREDENTIAL_Credential *cred;
+ char* expiration_str;
+ char* tmp;
+
+ handle->id_op = NULL;
+
+ if (NULL == name)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Issuer not configured!\n");
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
+
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "Connecting to credential service...\n");
+ handle->credential = GNUNET_CREDENTIAL_connect (cfg);
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "Connected\n");
+ if (NULL == handle->credential)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Connecting to CREDENTIAL failed\n");
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
+ GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_CREDENTIAL_EXPIRATION,
+ strlen (GNUNET_REST_JSONAPI_CREDENTIAL_EXPIRATION),
+ &key);
+ if ( GNUNET_NO ==
+ GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
+ &key) )
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Missing expiration\n");
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
+ expiration_str = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map,
+ &key);
+ if (GNUNET_OK == GNUNET_STRINGS_fancy_time_to_relative (expiration_str,
+ &etime_rel))
+ {
+ etime_abs = GNUNET_TIME_relative_to_absolute (etime_rel);
+ } else if (GNUNET_OK != GNUNET_STRINGS_fancy_time_to_absolute (expiration_str,
+ &etime_abs))
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Malformed expiration: %s\n", expiration_str);
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
+ GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_CREDENTIAL_ISSUER_ATTR,
+ strlen (GNUNET_REST_JSONAPI_CREDENTIAL_ISSUER_ATTR),
+ &key);
+ if ( GNUNET_NO ==
+ GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
+ &key) )
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Missing issuer attribute\n");
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
+ handle->issuer_attr = GNUNET_strdup(GNUNET_CONTAINER_multihashmap_get
+ (handle->rest_handle->url_param_map,
+ &key));
+ GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_CREDENTIAL_SUBJECT_KEY,
+ strlen (GNUNET_REST_JSONAPI_CREDENTIAL_SUBJECT_KEY),
+ &key);
+ if ( GNUNET_NO ==
+ GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
+ &key) )
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Missing subject\n");
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
+ tmp = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map,
+ &key);
+ if (NULL == tmp)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Malformed subject\n");
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
+ if (GNUNET_OK !=
+ GNUNET_CRYPTO_ecdsa_public_key_from_string (tmp,
+ strlen (tmp),
+ &handle->subject_key)) {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Malformed subject key\n");
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
+ issuer_key = GNUNET_IDENTITY_ego_get_private_key (ego);
+ cred = GNUNET_CREDENTIAL_credential_issue (issuer_key,
+ &handle->subject_key,
+ handle->issuer_attr,
+ &etime_abs);
+ if (NULL == cred)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Failed to create credential\n");
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
+ send_cred_response (handle, cred);
+}
+
+
+static void
+issue_cred_cont (struct GNUNET_REST_RequestHandle *conndata_handle,
+ const char* url,
+ void *cls)
+{
+ struct RequestHandle *handle = cls;
+
+ handle->identity = GNUNET_IDENTITY_connect (cfg,
+ NULL,
+ NULL);
+ handle->id_op = GNUNET_IDENTITY_get(handle->identity,
+ "credential-issuer",
+ &get_cred_issuer_cb,
+ handle);
+ handle->timeout_task = GNUNET_SCHEDULER_add_delayed (handle->timeout,
+ &do_error,
+ handle);
+}
+
/**
* Handle rest request
*
@@ -489,7 +716,7 @@ options_cont (struct GNUNET_REST_RequestHandle *con_handle,
void *cls)
{
struct MHD_Response *resp;
- struct VerifyHandle *handle = cls;
+ struct RequestHandle *handle = cls;
//For GNS, independent of path return all options
resp = GNUNET_REST_create_response (NULL);
@@ -519,7 +746,7 @@ rest_credential_process_request(struct GNUNET_REST_RequestHandle *conndata_handl
GNUNET_REST_ResultProcessor proc,
void *proc_cls)
{
- struct VerifyHandle *handle = GNUNET_new (struct VerifyHandle);
+ struct RequestHandle *handle = GNUNET_new (struct RequestHandle);
struct GNUNET_REST_RequestHandlerError err;
handle->timeout = GNUNET_TIME_UNIT_FOREVER_REL;
@@ -528,7 +755,8 @@ rest_credential_process_request(struct GNUNET_REST_RequestHandle *conndata_handl
handle->rest_handle = conndata_handle;
static const struct GNUNET_REST_RequestHandler handlers[] = {
- {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_CREDENTIAL, &verify_cred_cont},
+ {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_CREDENTIAL_VERIFY, &verify_cred_cont},
+ {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_CREDENTIAL_ISSUE, &issue_cred_cont},
{MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_CREDENTIAL, &options_cont},
GNUNET_REST_HANDLER_END
};
diff --git a/src/credential/test_credential_issue.sh b/src/credential/test_credential_issue.sh
index b2ced204a..158d91c5b 100755
--- a/src/credential/test_credential_issue.sh
+++ b/src/credential/test_credential_issue.sh
@@ -39,6 +39,6 @@ then
fi
#Try import
$DO_TIMEOUT gnunet-namestore -a -z testsubject -n c1 -t CRED -V "$CRED" -e 5m -c test_credential_lookup.conf
-
+RES=$?
gnunet-arm -e -c test_credential_lookup.conf
-exit $?
+exit $RES
diff --git a/src/credential/test_credential_lookup.conf b/src/credential/test_credential_lookup.conf
index f4bf36c52..7aa193abd 100644
--- a/src/credential/test_credential_lookup.conf
+++ b/src/credential/test_credential_lookup.conf
@@ -14,7 +14,7 @@ AUTOSTART = YES
#PREFIX = valgrind --leak-check=full --track-origins=yes --log-file=/tmp/credlog
[rest]
-PREFIX = valgrind --leak-check=full --track-origins=yes --log-file=/tmp/restlog
+#PREFIX = valgrind --leak-check=full --track-origins=yes --log-file=/tmp/restlog
[gns]
#PREFIX = valgrind --leak-check=full --track-origins=yes
diff --git a/src/credential/test_credential_verify_simple.sh b/src/credential/test_credential_verify_simple.sh
index 924f2ab4a..c4fd8c7a3 100755
--- a/src/credential/test_credential_verify_simple.sh
+++ b/src/credential/test_credential_verify_simple.sh
@@ -39,7 +39,7 @@ RES_CRED=`gnunet-credential --verify --issuer=$ISSUER_KEY --attribute=$TEST_ATTR
gnunet-namestore -z testsubject -d -n $TEST_CREDENTIAL -t CRED -e never -c test_credential_lookup.conf
gnunet-identity -D testsubject -c test_credential_lookup.conf
gnunet-arm -e -c test_credential_lookup.conf
-
+echo $RES_CRED
#TODO3 proper test
if [ "$RES_CRED" == "Successful." ]
then