summaryrefslogtreecommitdiff
path: root/src/credential
diff options
context:
space:
mode:
authorSchanzenbach, Martin <mschanzenbach@posteo.de>2016-12-15 13:36:40 +0100
committerSchanzenbach, Martin <mschanzenbach@posteo.de>2016-12-15 13:36:40 +0100
commit7a6a665cea13854c28384fd4e51da0f10b4933cc (patch)
tree8a1d3b41d99edcdf50c643e088b5bfa7cabf3424 /src/credential
parentfb662a6b560d84903e5b9601a1df1778dd12ae44 (diff)
-fix rest; prelim test;
Diffstat (limited to 'src/credential')
-rw-r--r--src/credential/credential_api.c1
-rw-r--r--src/credential/plugin_rest_credential.c31
-rw-r--r--src/credential/test_credential_lookup.conf3
-rwxr-xr-xsrc/credential/test_credential_verify_rest.sh84
4 files changed, 111 insertions, 8 deletions
diff --git a/src/credential/credential_api.c b/src/credential/credential_api.c
index 860504e61..d9e01c1d3 100644
--- a/src/credential/credential_api.c
+++ b/src/credential/credential_api.c
@@ -234,6 +234,7 @@ handle_result (void *cls,
GNUNET_CONTAINER_DLL_remove (handle->verify_head,
handle->verify_tail,
vr);
+ GNUNET_MQ_discard (vr->env);
GNUNET_free (vr);
GNUNET_assert (GNUNET_OK ==
GNUNET_CREDENTIAL_delegation_chain_deserialize (mlen,
diff --git a/src/credential/plugin_rest_credential.c b/src/credential/plugin_rest_credential.c
index f6e4fc5a8..11e6fb276 100644
--- a/src/credential/plugin_rest_credential.c
+++ b/src/credential/plugin_rest_credential.c
@@ -193,12 +193,14 @@ attribute_delegation_to_json (struct GNUNET_CREDENTIAL_Delegation *delegation_ch
json_t *attr_obj;
issuer = GNUNET_CRYPTO_ecdsa_public_key_to_string (&delegation_chain_entry->issuer_key);
+ if (NULL == issuer)
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Issuer in delegation malformed\n");
return NULL;
}
subject = GNUNET_CRYPTO_ecdsa_public_key_to_string (&delegation_chain_entry->subject_key);
+ if (NULL == subject)
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Subject in credential malformed\n");
@@ -207,16 +209,17 @@ attribute_delegation_to_json (struct GNUNET_CREDENTIAL_Delegation *delegation_ch
}
attr_obj = json_object ();
- json_object_set_new (attr_obj, "subject", json_string (subject));
- json_object_set_new (attr_obj, "issuer", json_string (issuer));
+ json_object_set_new (attr_obj, "issuer", json_string (issuer));
json_object_set_new (attr_obj, "issuer_attribute",
json_string (delegation_chain_entry->issuer_attribute));
+ json_object_set_new (attr_obj, "subject", json_string (subject));
if (0 < delegation_chain_entry->subject_attribute_len)
{
json_object_set_new (attr_obj, "subject_attribute",
json_string (delegation_chain_entry->subject_attribute));
}
+ GNUNET_free (issuer);
GNUNET_free (subject);
return attr_obj;
}
@@ -286,6 +289,8 @@ handle_verify_response (void *cls,
json_t *cred_array;
json_t *attr_array;
char *result;
+ char *issuer;
+ char *id;
uint32_t i;
handle->verify_request = NULL;
@@ -296,23 +301,33 @@ handle_verify_response (void *cls,
GNUNET_SCHEDULER_add_now (&do_error, handle);
return;
}
+ issuer = GNUNET_CRYPTO_ecdsa_public_key_to_string (&handle->issuer_key);
+ if (NULL == issuer)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Issuer in delegation malformed\n");
+ return;
+ }
+ GNUNET_asprintf (&id,
+ "%s.%s",
+ issuer,
+ handle->issuer_attr);
+ GNUNET_free (issuer);
json_document = GNUNET_JSONAPI_document_new ();
json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_CREDENTIAL_TYPEINFO,
- handle->issuer_attr);
- cred_obj = credential_to_json (cred);
+ id);
+ GNUNET_free (id);
attr_array = json_array ();
for (i = 0; i < d_count; i++)
{
attr_obj = attribute_delegation_to_json (&delegation_chain[i]);
- json_array_append (attr_array, attr_obj);
- json_decref (attr_obj);
+ json_array_append_new (attr_array, attr_obj);
}
cred_array = json_array ();
for (i=0;i<c_count;i++)
{
cred_obj = credential_to_json (&cred[i]);
- json_array_append (cred_array, cred_obj);
- json_decref (cred_obj);
+ json_array_append_new (cred_array, cred_obj);
}
GNUNET_JSONAPI_resource_add_attr (json_resource,
GNUNET_REST_JSONAPI_CREDENTIAL,
diff --git a/src/credential/test_credential_lookup.conf b/src/credential/test_credential_lookup.conf
index 57c62fab3..f4bf36c52 100644
--- a/src/credential/test_credential_lookup.conf
+++ b/src/credential/test_credential_lookup.conf
@@ -13,6 +13,9 @@ PLUGINS =
AUTOSTART = YES
#PREFIX = valgrind --leak-check=full --track-origins=yes --log-file=/tmp/credlog
+[rest]
+PREFIX = valgrind --leak-check=full --track-origins=yes --log-file=/tmp/restlog
+
[gns]
#PREFIX = valgrind --leak-check=full --track-origins=yes
AUTOSTART = YES
diff --git a/src/credential/test_credential_verify_rest.sh b/src/credential/test_credential_verify_rest.sh
new file mode 100755
index 000000000..092737df7
--- /dev/null
+++ b/src/credential/test_credential_verify_rest.sh
@@ -0,0 +1,84 @@
+#!/bin/bash
+trap "gnunet-arm -e -c test_credential_lookup.conf" SIGINT
+
+LOCATION=$(which gnunet-config)
+if [ -z $LOCATION ]
+then
+ LOCATION="gnunet-config"
+fi
+$LOCATION --version 1> /dev/null
+if test $? != 0
+then
+ echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX"
+ exit 77
+fi
+
+rm -rf `gnunet-config -c test_credential_lookup.conf -s PATHS -o GNUNET_HOME -f`
+
+# (1) Service.user -> GNU.project.member
+# (2) GNU.project -> GNUnet
+# (3) GNUnet.member -> GNUnet.developer
+# (4) GNUnet.member -> GNUnet.user
+# (5) GNUnet.developer -> Alice
+
+
+which timeout &> /dev/null && DO_TIMEOUT="timeout 30"
+gnunet-arm -s -c test_credential_lookup.conf
+gnunet-identity -C service -c test_credential_lookup.conf
+gnunet-identity -C alice -c test_credential_lookup.conf
+gnunet-identity -C gnu -c test_credential_lookup.conf
+gnunet-identity -C gnunet -c test_credential_lookup.conf
+
+GNU_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep gnu | grep -v gnunet | awk '{print $3}')
+ALICE_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep alice | awk '{print $3}')
+GNUNET_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep gnunet | awk '{print $3}')
+SERVICE_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep service | awk '{print $3}')
+
+USER_ATTR="user"
+GNU_PROJECT_ATTR="project"
+MEMBER_ATTR="member"
+DEVELOPER_ATTR="developer"
+DEV_ATTR="developer"
+TEST_CREDENTIAL="mygnunetcreds"
+
+# (1) A service assigns the attribute "user" to all entities that have been assigned "member" by entities that werde assigned "project" from GNU
+gnunet-namestore -p -z service -a -n $USER_ATTR -t ATTR -V "$GNU_KEY $GNU_PROJECT_ATTR.$MEMBER_ATTR" -e 5m -c test_credential_lookup.conf
+
+# (2) GNU recognized GNUnet as a GNU project and delegates the "project" attribute
+gnunet-namestore -p -z gnu -a -n $GNU_PROJECT_ATTR -t ATTR -V "$GNUNET_KEY" -e 5m -c test_credential_lookup.conf
+
+# (3+4) GNUnet assigns the attribute "member" to all entities gnunet has also assigned "developer" or "user"
+gnunet-namestore -p -z gnunet -a -n $MEMBER_ATTR -t ATTR -V "$GNUNET_KEY $DEVELOPER_ATTR" -e 5m -c test_credential_lookup.conf
+gnunet-namestore -p -z gnunet -a -n $MEMBER_ATTR -t ATTR -V "$GNUNET_KEY $USER_ATTR" -e 5m -c test_credential_lookup.conf
+
+# (5) GNUnet issues Alice the credential "developer"
+CRED=`$DO_TIMEOUT gnunet-credential --issue --ego=gnunet --subject=$ALICE_KEY --attribute=$DEV_ATTR --ttl=5m -c test_credential_lookup.conf`
+
+# Alice stores the credential under "mygnunetcreds"
+gnunet-namestore -p -z alice -a -n $TEST_CREDENTIAL -t CRED -V "$CRED" -e 5m -c test_credential_lookup.conf
+
+#TODO2 Add -z swich like in gnunet-gns
+RES_CRED=`gnunet-credential --verify --issuer=$SERVICE_KEY --attribute=$USER_ATTR --subject=$ALICE_KEY --credential=$TEST_CREDENTIAL -c test_credential_lookup.conf`
+
+gnunet-arm -i rest -c test_credential_lookup.conf
+
+sleep 5
+
+echo "localhost:7776/credential?attribute=$SERVICE_KEY.$USER_ATTR&credential=$ALICE_KEY.$TEST_CREDENTIAL"
+curl -v "localhost:7776/credential?attribute=$SERVICE_KEY.$USER_ATTR&credential=$ALICE_KEY.$TEST_CREDENTIAL"
+
+#TODO cleanup properly
+gnunet-namestore -z alice -d -n $TEST_CREDENTIAL -t CRED -e never -c test_credential_lookup.conf
+gnunet-namestore -z gnu -d -n $GNU_PROJECT_ATTR -t ATTR -c test_credential_lookup.conf
+gnunet-namestore -z gnunet -d -n $MEMBER_ATTR -t ATTR -c test_credential_lookup.conf
+gnunet-namestore -z service -d -n $USER_ATTR -t ATTR -c test_credential_lookup.conf
+gnunet-arm -e -c test_credential_lookup.conf
+
+if [ "$RES_CRED" != "Failed." ]
+then
+ echo -e "${RES_CRED}"
+ exit 0
+else
+ echo "FAIL: Failed to verify credential $RES_CRED."
+ exit 1
+fi