diff options
author | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2016-12-15 13:36:40 +0100 |
---|---|---|
committer | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2016-12-15 13:36:40 +0100 |
commit | 7a6a665cea13854c28384fd4e51da0f10b4933cc (patch) | |
tree | 8a1d3b41d99edcdf50c643e088b5bfa7cabf3424 /src/credential | |
parent | fb662a6b560d84903e5b9601a1df1778dd12ae44 (diff) | |
download | gnunet-7a6a665cea13854c28384fd4e51da0f10b4933cc.tar.gz gnunet-7a6a665cea13854c28384fd4e51da0f10b4933cc.zip |
-fix rest; prelim test;
Diffstat (limited to 'src/credential')
-rw-r--r-- | src/credential/credential_api.c | 1 | ||||
-rw-r--r-- | src/credential/plugin_rest_credential.c | 31 | ||||
-rw-r--r-- | src/credential/test_credential_lookup.conf | 3 | ||||
-rwxr-xr-x | src/credential/test_credential_verify_rest.sh | 84 |
4 files changed, 111 insertions, 8 deletions
diff --git a/src/credential/credential_api.c b/src/credential/credential_api.c index 860504e61..d9e01c1d3 100644 --- a/src/credential/credential_api.c +++ b/src/credential/credential_api.c | |||
@@ -234,6 +234,7 @@ handle_result (void *cls, | |||
234 | GNUNET_CONTAINER_DLL_remove (handle->verify_head, | 234 | GNUNET_CONTAINER_DLL_remove (handle->verify_head, |
235 | handle->verify_tail, | 235 | handle->verify_tail, |
236 | vr); | 236 | vr); |
237 | GNUNET_MQ_discard (vr->env); | ||
237 | GNUNET_free (vr); | 238 | GNUNET_free (vr); |
238 | GNUNET_assert (GNUNET_OK == | 239 | GNUNET_assert (GNUNET_OK == |
239 | GNUNET_CREDENTIAL_delegation_chain_deserialize (mlen, | 240 | GNUNET_CREDENTIAL_delegation_chain_deserialize (mlen, |
diff --git a/src/credential/plugin_rest_credential.c b/src/credential/plugin_rest_credential.c index f6e4fc5a8..11e6fb276 100644 --- a/src/credential/plugin_rest_credential.c +++ b/src/credential/plugin_rest_credential.c | |||
@@ -193,12 +193,14 @@ attribute_delegation_to_json (struct GNUNET_CREDENTIAL_Delegation *delegation_ch | |||
193 | json_t *attr_obj; | 193 | json_t *attr_obj; |
194 | 194 | ||
195 | issuer = GNUNET_CRYPTO_ecdsa_public_key_to_string (&delegation_chain_entry->issuer_key); | 195 | issuer = GNUNET_CRYPTO_ecdsa_public_key_to_string (&delegation_chain_entry->issuer_key); |
196 | if (NULL == issuer) | ||
196 | { | 197 | { |
197 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 198 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
198 | "Issuer in delegation malformed\n"); | 199 | "Issuer in delegation malformed\n"); |
199 | return NULL; | 200 | return NULL; |
200 | } | 201 | } |
201 | subject = GNUNET_CRYPTO_ecdsa_public_key_to_string (&delegation_chain_entry->subject_key); | 202 | subject = GNUNET_CRYPTO_ecdsa_public_key_to_string (&delegation_chain_entry->subject_key); |
203 | if (NULL == subject) | ||
202 | { | 204 | { |
203 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 205 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
204 | "Subject in credential malformed\n"); | 206 | "Subject in credential malformed\n"); |
@@ -207,16 +209,17 @@ attribute_delegation_to_json (struct GNUNET_CREDENTIAL_Delegation *delegation_ch | |||
207 | } | 209 | } |
208 | attr_obj = json_object (); | 210 | attr_obj = json_object (); |
209 | 211 | ||
210 | json_object_set_new (attr_obj, "subject", json_string (subject)); | 212 | json_object_set_new (attr_obj, "issuer", json_string (issuer)); |
211 | json_object_set_new (attr_obj, "issuer", json_string (issuer)); | ||
212 | json_object_set_new (attr_obj, "issuer_attribute", | 213 | json_object_set_new (attr_obj, "issuer_attribute", |
213 | json_string (delegation_chain_entry->issuer_attribute)); | 214 | json_string (delegation_chain_entry->issuer_attribute)); |
214 | 215 | ||
216 | json_object_set_new (attr_obj, "subject", json_string (subject)); | ||
215 | if (0 < delegation_chain_entry->subject_attribute_len) | 217 | if (0 < delegation_chain_entry->subject_attribute_len) |
216 | { | 218 | { |
217 | json_object_set_new (attr_obj, "subject_attribute", | 219 | json_object_set_new (attr_obj, "subject_attribute", |
218 | json_string (delegation_chain_entry->subject_attribute)); | 220 | json_string (delegation_chain_entry->subject_attribute)); |
219 | } | 221 | } |
222 | GNUNET_free (issuer); | ||
220 | GNUNET_free (subject); | 223 | GNUNET_free (subject); |
221 | return attr_obj; | 224 | return attr_obj; |
222 | } | 225 | } |
@@ -286,6 +289,8 @@ handle_verify_response (void *cls, | |||
286 | json_t *cred_array; | 289 | json_t *cred_array; |
287 | json_t *attr_array; | 290 | json_t *attr_array; |
288 | char *result; | 291 | char *result; |
292 | char *issuer; | ||
293 | char *id; | ||
289 | uint32_t i; | 294 | uint32_t i; |
290 | 295 | ||
291 | handle->verify_request = NULL; | 296 | handle->verify_request = NULL; |
@@ -296,23 +301,33 @@ handle_verify_response (void *cls, | |||
296 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 301 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
297 | return; | 302 | return; |
298 | } | 303 | } |
304 | issuer = GNUNET_CRYPTO_ecdsa_public_key_to_string (&handle->issuer_key); | ||
305 | if (NULL == issuer) | ||
306 | { | ||
307 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
308 | "Issuer in delegation malformed\n"); | ||
309 | return; | ||
310 | } | ||
311 | GNUNET_asprintf (&id, | ||
312 | "%s.%s", | ||
313 | issuer, | ||
314 | handle->issuer_attr); | ||
315 | GNUNET_free (issuer); | ||
299 | json_document = GNUNET_JSONAPI_document_new (); | 316 | json_document = GNUNET_JSONAPI_document_new (); |
300 | json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_CREDENTIAL_TYPEINFO, | 317 | json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_CREDENTIAL_TYPEINFO, |
301 | handle->issuer_attr); | 318 | id); |
302 | cred_obj = credential_to_json (cred); | 319 | GNUNET_free (id); |
303 | attr_array = json_array (); | 320 | attr_array = json_array (); |
304 | for (i = 0; i < d_count; i++) | 321 | for (i = 0; i < d_count; i++) |
305 | { | 322 | { |
306 | attr_obj = attribute_delegation_to_json (&delegation_chain[i]); | 323 | attr_obj = attribute_delegation_to_json (&delegation_chain[i]); |
307 | json_array_append (attr_array, attr_obj); | 324 | json_array_append_new (attr_array, attr_obj); |
308 | json_decref (attr_obj); | ||
309 | } | 325 | } |
310 | cred_array = json_array (); | 326 | cred_array = json_array (); |
311 | for (i=0;i<c_count;i++) | 327 | for (i=0;i<c_count;i++) |
312 | { | 328 | { |
313 | cred_obj = credential_to_json (&cred[i]); | 329 | cred_obj = credential_to_json (&cred[i]); |
314 | json_array_append (cred_array, cred_obj); | 330 | json_array_append_new (cred_array, cred_obj); |
315 | json_decref (cred_obj); | ||
316 | } | 331 | } |
317 | GNUNET_JSONAPI_resource_add_attr (json_resource, | 332 | GNUNET_JSONAPI_resource_add_attr (json_resource, |
318 | GNUNET_REST_JSONAPI_CREDENTIAL, | 333 | GNUNET_REST_JSONAPI_CREDENTIAL, |
diff --git a/src/credential/test_credential_lookup.conf b/src/credential/test_credential_lookup.conf index 57c62fab3..f4bf36c52 100644 --- a/src/credential/test_credential_lookup.conf +++ b/src/credential/test_credential_lookup.conf | |||
@@ -13,6 +13,9 @@ PLUGINS = | |||
13 | AUTOSTART = YES | 13 | AUTOSTART = YES |
14 | #PREFIX = valgrind --leak-check=full --track-origins=yes --log-file=/tmp/credlog | 14 | #PREFIX = valgrind --leak-check=full --track-origins=yes --log-file=/tmp/credlog |
15 | 15 | ||
16 | [rest] | ||
17 | PREFIX = valgrind --leak-check=full --track-origins=yes --log-file=/tmp/restlog | ||
18 | |||
16 | [gns] | 19 | [gns] |
17 | #PREFIX = valgrind --leak-check=full --track-origins=yes | 20 | #PREFIX = valgrind --leak-check=full --track-origins=yes |
18 | AUTOSTART = YES | 21 | AUTOSTART = YES |
diff --git a/src/credential/test_credential_verify_rest.sh b/src/credential/test_credential_verify_rest.sh new file mode 100755 index 000000000..092737df7 --- /dev/null +++ b/src/credential/test_credential_verify_rest.sh | |||
@@ -0,0 +1,84 @@ | |||
1 | #!/bin/bash | ||
2 | trap "gnunet-arm -e -c test_credential_lookup.conf" SIGINT | ||
3 | |||
4 | LOCATION=$(which gnunet-config) | ||
5 | if [ -z $LOCATION ] | ||
6 | then | ||
7 | LOCATION="gnunet-config" | ||
8 | fi | ||
9 | $LOCATION --version 1> /dev/null | ||
10 | if test $? != 0 | ||
11 | then | ||
12 | echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX" | ||
13 | exit 77 | ||
14 | fi | ||
15 | |||
16 | rm -rf `gnunet-config -c test_credential_lookup.conf -s PATHS -o GNUNET_HOME -f` | ||
17 | |||
18 | # (1) Service.user -> GNU.project.member | ||
19 | # (2) GNU.project -> GNUnet | ||
20 | # (3) GNUnet.member -> GNUnet.developer | ||
21 | # (4) GNUnet.member -> GNUnet.user | ||
22 | # (5) GNUnet.developer -> Alice | ||
23 | |||
24 | |||
25 | which timeout &> /dev/null && DO_TIMEOUT="timeout 30" | ||
26 | gnunet-arm -s -c test_credential_lookup.conf | ||
27 | gnunet-identity -C service -c test_credential_lookup.conf | ||
28 | gnunet-identity -C alice -c test_credential_lookup.conf | ||
29 | gnunet-identity -C gnu -c test_credential_lookup.conf | ||
30 | gnunet-identity -C gnunet -c test_credential_lookup.conf | ||
31 | |||
32 | GNU_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep gnu | grep -v gnunet | awk '{print $3}') | ||
33 | ALICE_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep alice | awk '{print $3}') | ||
34 | GNUNET_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep gnunet | awk '{print $3}') | ||
35 | SERVICE_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep service | awk '{print $3}') | ||
36 | |||
37 | USER_ATTR="user" | ||
38 | GNU_PROJECT_ATTR="project" | ||
39 | MEMBER_ATTR="member" | ||
40 | DEVELOPER_ATTR="developer" | ||
41 | DEV_ATTR="developer" | ||
42 | TEST_CREDENTIAL="mygnunetcreds" | ||
43 | |||
44 | # (1) A service assigns the attribute "user" to all entities that have been assigned "member" by entities that werde assigned "project" from GNU | ||
45 | gnunet-namestore -p -z service -a -n $USER_ATTR -t ATTR -V "$GNU_KEY $GNU_PROJECT_ATTR.$MEMBER_ATTR" -e 5m -c test_credential_lookup.conf | ||
46 | |||
47 | # (2) GNU recognized GNUnet as a GNU project and delegates the "project" attribute | ||
48 | gnunet-namestore -p -z gnu -a -n $GNU_PROJECT_ATTR -t ATTR -V "$GNUNET_KEY" -e 5m -c test_credential_lookup.conf | ||
49 | |||
50 | # (3+4) GNUnet assigns the attribute "member" to all entities gnunet has also assigned "developer" or "user" | ||
51 | gnunet-namestore -p -z gnunet -a -n $MEMBER_ATTR -t ATTR -V "$GNUNET_KEY $DEVELOPER_ATTR" -e 5m -c test_credential_lookup.conf | ||
52 | gnunet-namestore -p -z gnunet -a -n $MEMBER_ATTR -t ATTR -V "$GNUNET_KEY $USER_ATTR" -e 5m -c test_credential_lookup.conf | ||
53 | |||
54 | # (5) GNUnet issues Alice the credential "developer" | ||
55 | CRED=`$DO_TIMEOUT gnunet-credential --issue --ego=gnunet --subject=$ALICE_KEY --attribute=$DEV_ATTR --ttl=5m -c test_credential_lookup.conf` | ||
56 | |||
57 | # Alice stores the credential under "mygnunetcreds" | ||
58 | gnunet-namestore -p -z alice -a -n $TEST_CREDENTIAL -t CRED -V "$CRED" -e 5m -c test_credential_lookup.conf | ||
59 | |||
60 | #TODO2 Add -z swich like in gnunet-gns | ||
61 | RES_CRED=`gnunet-credential --verify --issuer=$SERVICE_KEY --attribute=$USER_ATTR --subject=$ALICE_KEY --credential=$TEST_CREDENTIAL -c test_credential_lookup.conf` | ||
62 | |||
63 | gnunet-arm -i rest -c test_credential_lookup.conf | ||
64 | |||
65 | sleep 5 | ||
66 | |||
67 | echo "localhost:7776/credential?attribute=$SERVICE_KEY.$USER_ATTR&credential=$ALICE_KEY.$TEST_CREDENTIAL" | ||
68 | curl -v "localhost:7776/credential?attribute=$SERVICE_KEY.$USER_ATTR&credential=$ALICE_KEY.$TEST_CREDENTIAL" | ||
69 | |||
70 | #TODO cleanup properly | ||
71 | gnunet-namestore -z alice -d -n $TEST_CREDENTIAL -t CRED -e never -c test_credential_lookup.conf | ||
72 | gnunet-namestore -z gnu -d -n $GNU_PROJECT_ATTR -t ATTR -c test_credential_lookup.conf | ||
73 | gnunet-namestore -z gnunet -d -n $MEMBER_ATTR -t ATTR -c test_credential_lookup.conf | ||
74 | gnunet-namestore -z service -d -n $USER_ATTR -t ATTR -c test_credential_lookup.conf | ||
75 | gnunet-arm -e -c test_credential_lookup.conf | ||
76 | |||
77 | if [ "$RES_CRED" != "Failed." ] | ||
78 | then | ||
79 | echo -e "${RES_CRED}" | ||
80 | exit 0 | ||
81 | else | ||
82 | echo "FAIL: Failed to verify credential $RES_CRED." | ||
83 | exit 1 | ||
84 | fi | ||