authorMartin Schanzenbach <mschanzenbach@posteo.de>2012-06-19 18:41:47 +0000
committerMartin Schanzenbach <mschanzenbach@posteo.de>2012-06-19 18:41:47 +0000
commit313d7741e03f767652a61265d1bfc8e2186ef98a (patch)
tree8f367f94bfecae1ab670dba3426679922c2d399b /src/gns/gnunet-service-gns_resolver.c
parent7df93ad48942b6376fd64ad86958eabe9c43d341 (diff)
-zone revocation
Diffstat (limited to 'src/gns/gnunet-service-gns_resolver.c')
-rw-r--r--src/gns/gnunet-service-gns_resolver.c114
1 files changed, 97 insertions, 17 deletions
diff --git a/src/gns/gnunet-service-gns_resolver.c b/src/gns/gnunet-service-gns_resolver.c
index 0236c7207..c09bcca90 100644
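--- a/src/gns/gnunet-service-gns_resolver.c
+++ b/src/gns/gnunet-service-gns_resolver.c
@@ -2603,6 +2603,13 @@ handle_delegation_ns (void* cls, struct ResolverHandle *rh,
  GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
  "GNS_PHASE_DELEGATE_NS-%llu: Resolution status: %d.\n",
  rh->id, rh->status);
+
+ if (rh->status & RSL_PKEY_REVOKED)
+ {
+ finish_lookup (rh, rlh, 0, NULL);
+ free_resolver_handle (rh);
+ return;
+ }
 
  if (strcmp(rh->name, "") == 0)
  {
@@ -2668,7 +2675,16 @@ handle_delegation_ns (void* cls, struct ResolverHandle *rh,
  }
  else if (rh->status & RSL_DELEGATE_PKEY)
  {
- if (rlh->record_type == GNUNET_GNS_RECORD_PKEY)
+ if (rh->status & RSL_PKEY_REVOKED)
+ {
+ GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
+ "GNS_PHASE_DELEGATE_NS-%llu: Resolved PKEY is revoked.\n",
+ rh->id);
+ finish_lookup (rh, rlh, 0, NULL);
+ free_resolver_handle (rh);
+ return;
+ }
+ else if (rlh->record_type == GNUNET_GNS_RECORD_PKEY)
  {
  GNUNET_assert(rd_count == 1);
  GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
@@ -2760,6 +2776,77 @@ handle_delegation_ns (void* cls, struct ResolverHandle *rh,
  resolve_delegation_dht(rh);
 }
 
+/**
+ * This is a callback function that checks for key revocation
+ *
+ * @param cls the pending query
+ * @param key the key of the zone we did the lookup
+ * @param expiration expiration date of the record data set in the namestore
+ * @param name the name for which we need an authority
+ * @param rd_count the number of records with 'name'
+ * @param rd the record data
+ * @param signature the signature of the authority for the record data
+ */
+static void
+process_pkey_revocation_result_ns (void *cls,
+ const struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded *key,
+ struct GNUNET_TIME_Absolute expiration,
+ const char *name,
+ unsigned int rd_count,
+ const struct GNUNET_NAMESTORE_RecordData *rd,
+ const struct GNUNET_CRYPTO_RsaSignature *signature)
+{
+ struct ResolverHandle *rh = cls;
+ struct GNUNET_TIME_Relative remaining_time;
+ int i;
+
+ remaining_time = GNUNET_TIME_absolute_get_remaining (expiration);
+
+ for (i = 0; i < rd_count; i++)
+ {
+ if (rd[i].record_type == GNUNET_GNS_RECORD_REV)
+ {
+ GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
+ "GNS_PHASE_DELEGATE_NS-%llu: Zone has been revoked.\n",
+ rh->id);
+ rh->status |= RSL_PKEY_REVOKED;
+ rh->proc (rh->proc_cls, rh, 0, NULL);
+ return;
+ }
+ }
+
+ if ((name == NULL) ||
+ (remaining_time.rel_value == 0))
+ {
+ GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
+ "GNS_PHASE_DELEGATE_NS-%llu: + Records don't exist or are expired.\n",
+ rh->id, name);
+ //FIXME start BG lookup
+ GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
+ "GNS_PHASE_DELEGATE_NS-%d: Starting background lookup for %s type %d\n",
+ rh->id, "+.gnunet", GNUNET_GNS_RECORD_REV);
+
+ gns_resolver_lookup_record(rh->authority,
+ rh->private_local_zone,
+ GNUNET_GNS_RECORD_REV,
+ GNUNET_GNS_TLD,
+ rh->priv_key,
+ GNUNET_TIME_UNIT_FOREVER_REL,
+ GNUNET_NO,
+ &background_lookup_result_processor,
+ NULL);
+ }
+
+ /**
+ * We are done with PKEY resolution if name is empty
+ * else resolve again with new authority
+ */
+ if (strcmp (rh->name, "") == 0)
+ rh->proc (rh->proc_cls, rh, 0, NULL);
+ else
+ resolve_delegation_ns (rh);
+ return;
+}
 
 
 /**
@@ -2777,7 +2864,7 @@ handle_delegation_ns (void* cls, struct ResolverHandle *rh,
  * @param signature the signature of the authority for the record data
  */
 static void
-process_delegation_result_ns(void* cls,
+process_delegation_result_ns (void* cls,
  const struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded *key,
  struct GNUNET_TIME_Absolute expiration,
  const char *name,
@@ -2962,22 +3049,15 @@ process_delegation_result_ns(void* cls,
  rh->authority_chain_tail,
  auth);
 
- /** try to import pkey if private key available
- * TODO: Only import last one?
- */
- //if (rh->priv_key && (name != NULL) && is_canonical (rh->name))
- // process_discovered_authority((char*)name, auth->zone,
- // rh->authority_chain_tail->zone,
- // rh->priv_key);
- /**
- * We are done with PKEY resolution if name is empty
- * else resolve again with new authority
- */
- if (strcmp (rh->name, "") == 0)
- rh->proc (rh->proc_cls, rh, rd_count, rd);
- else
- resolve_delegation_ns (rh);
+ /* Check for key revocation and delegate */
+ GNUNET_NAMESTORE_lookup_record (namestore_handle,
+ &rh->authority,
+ "+",
+ GNUNET_GNS_RECORD_REV,
+ &process_pkey_revocation_result_ns,
+ rh);
  return;
+
  }
 
  /**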
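Review bot: The new callback process_pkey_revocation_result_ns ends its non-revoked path with `rh->proc (rh->proc_cls, rh, 0, NULL);` (new line 2845), whereas the code it replaces in process_delegation_result_ns forwarded `rd_count, rd`; if rh->proc is handle_delegation_ns, a PKEY-type query would then reach `GNUNET_assert(rd_count == 1)` with rd_count 0 and abort the service. The callback's own `rd` belongs to the REV lookup, so the delegation records need to be kept on the handle, or passed through some other way, for the final call to hand them on. The revocation check also fails open: when the local namestore returns no records or expired ones (new lines 2818-2838), only a background lookup is started and resolution continues, which deserves a comment such as `/* no local REV record: resolution proceeds; revocation is enforced only once the record is in the namestore */`. In the same branch the second log call prints `rh->id` with `%d` while every other call uses `%llu`, so the following `%s` may read the wrong argument, and the first log call passes a `name` argument that its format string never consumes.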