author | Martin Schanzenbach <mschanzenbach@posteo.de> | 2012-06-19 18:41:47 +0000 |
---|---|---|
committer | Martin Schanzenbach <mschanzenbach@posteo.de> | 2012-06-19 18:41:47 +0000 |
commit | 313d7741e03f767652a61265d1bfc8e2186ef98a (patch) | |
tree | 8f367f94bfecae1ab670dba3426679922c2d399b /src/gns/gnunet-service-gns_resolver.c | |
parent | 7df93ad48942b6376fd64ad86958eabe9c43d341 (diff) | |
-zone revocation
Diffstat (limited to 'src/gns/gnunet-service-gns_resolver.c')
-rw-r--r-- | src/gns/gnunet-service-gns_resolver.c | 114 |
1 files changed, 97 insertions, 17 deletions
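--- a/src/gns/gnunet-service-gns_resolver.c
+++ b/src/gns/gnunet-service-gns_resolver.c
@@ -2603,6 +2603,13 @@ handle_delegation_ns (void* cls, struct ResolverHandle *rh,
 GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
 "GNS_PHASE_DELEGATE_NS-%llu: Resolution status: %d.\n",
 rh->id, rh->status);
+
+if (rh->status & RSL_PKEY_REVOKED)
+{
+finish_lookup (rh, rlh, 0, NULL);
+free_resolver_handle (rh);
+return;
+}
 
 if (strcmp(rh->name, "") == 0)
 {
@@ -2668,7 +2675,16 @@ handle_delegation_ns (void* cls, struct ResolverHandle *rh,
 }
 else if (rh->status & RSL_DELEGATE_PKEY)
 {
-if (rlh->record_type == GNUNET_GNS_RECORD_PKEY)
+if (rh->status & RSL_PKEY_REVOKED)
+{
+GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
+"GNS_PHASE_DELEGATE_NS-%llu: Resolved PKEY is revoked.\n",
+rh->id);
+finish_lookup (rh, rlh, 0, NULL);
+free_resolver_handle (rh);
+return;
+}
+else if (rlh->record_type == GNUNET_GNS_RECORD_PKEY)
 {
 GNUNET_assert(rd_count == 1);
 GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
@@ -2760,6 +2776,77 @@ handle_delegation_ns (void* cls, struct ResolverHandle *rh,
 resolve_delegation_dht(rh);
 }
 
+/**
+* This is a callback function that checks for key revocation
+*
+* @param cls the pending query
+* @param key the key of the zone we did the lookup
+* @param expiration expiration date of the record data set in the namestore
+* @param name the name for which we need an authority
+* @param rd_count the number of records with 'name'
+* @param rd the record data
+* @param signature the signature of the authority for the record data
+*/
+static void
+process_pkey_revocation_result_ns (void *cls,
+const struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded *key,
+struct GNUNET_TIME_Absolute expiration,
+const char *name,
+unsigned int rd_count,
+const struct GNUNET_NAMESTORE_RecordData *rd,
+const struct GNUNET_CRYPTO_RsaSignature *signature)
+{
+struct ResolverHandle *rh = cls;
+struct GNUNET_TIME_Relative remaining_time;
+int i;
+
+remaining_time = GNUNET_TIME_absolute_get_remaining (expiration);
+
+for (i = 0; i < rd_count; i++)
+{
+if (rd[i].record_type == GNUNET_GNS_RECORD_REV)
+{
+GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
+"GNS_PHASE_DELEGATE_NS-%llu: Zone has been revoked.\n",
+rh->id);
+rh->status |= RSL_PKEY_REVOKED;
+rh->proc (rh->proc_cls, rh, 0, NULL);
+return;
+}
+}
+
+if ((name == NULL) ||
+(remaining_time.rel_value == 0))
+{
+GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
+"GNS_PHASE_DELEGATE_NS-%llu: + Records don't exist or are expired.\n",
+rh->id, name);
+//FIXME start BG lookup
+GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
+"GNS_PHASE_DELEGATE_NS-%d: Starting background lookup for %s type %d\n",
+rh->id, "+.gnunet", GNUNET_GNS_RECORD_REV);
+
+gns_resolver_lookup_record(rh->authority,
+rh->private_local_zone,
+GNUNET_GNS_RECORD_REV,
+GNUNET_GNS_TLD,
+rh->priv_key,
+GNUNET_TIME_UNIT_FOREVER_REL,
+GNUNET_NO,
+&background_lookup_result_processor,
+NULL);
+}
+
+/**
+* We are done with PKEY resolution if name is empty
+* else resolve again with new authority
+*/
+if (strcmp (rh->name, "") == 0)
+rh->proc (rh->proc_cls, rh, 0, NULL);
+else
+resolve_delegation_ns (rh);
+return;
+}
 
 
 /**
@@ -2777,7 +2864,7 @@ handle_delegation_ns (void* cls, struct ResolverHandle *rh,
 * @param signature the signature of the authority for the record data
 */
 static void
-process_delegation_result_ns(void* cls,
+process_delegation_result_ns (void* cls,
 const struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded *key,
 struct GNUNET_TIME_Absolute expiration,
 const char *name,
@@ -2962,22 +3049,15 @@ process_delegation_result_ns(void* cls,
 rh->authority_chain_tail,
 auth);
 
-/** try to import pkey if private key available
-* TODO: Only import last one?
-*/
-//if (rh->priv_key && (name != NULL) && is_canonical (rh->name))
-// process_discovered_authority((char*)name, auth->zone,
-// rh->authority_chain_tail->zone,
-// rh->priv_key);
-/**
-* We are done with PKEY resolution if name is empty
-* else resolve again with new authority
-*/
-if (strcmp (rh->name, "") == 0)
-rh->proc (rh->proc_cls, rh, rd_count, rd);
-else
-resolve_delegation_ns (rh);
+/* Check for key revocation and delegate */
+GNUNET_NAMESTORE_lookup_record (namestore_handle,
+&rh->authority,
+"+",
+GNUNET_GNS_RECORD_REV,
+&process_pkey_revocation_result_ns,
+rh);
 return;
+
 }
 
 /**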
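Review bot: The new revocation check in process_pkey_revocation_result_ns fails open: when the namestore has no REV data for the zone or it is expired (`name == NULL` or zero remaining time), the code only starts a background lookup and then falls through to `rh->proc` / `resolve_delegation_ns`, so a revoked zone is still resolved until its REV record is cached locally. That trade-off should at least be stated at the branch, for example `/* fail-open: resolution continues while the REV lookup runs; revocation is enforced only once a REV record is in the local namestore */`, in place of the bare FIXME. The callback also ends with `rh->proc (rh->proc_cls, rh, 0, NULL);` where the removed code in process_delegation_result_ns passed `rd_count, rd`; if `rh->proc` is handle_delegation_ns, its PKEY branch still runs `GNUNET_assert(rd_count == 1)` and would now abort, so the record set likely needs to be kept on the handle and passed through. In the same branch the second log message formats `rh->id` with `%d` while the other messages in this diff use `%llu`, and the first passes an unused `name`; use `"GNS_PHASE_DELEGATE_NS-%llu: Starting background lookup for %s type %d\n"` and drop the extra argument.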