- big shorten algorithm rewrite

- API change for lookup - tests fixed - introduces 3 zone system: root, private and shortened
author: Martin Schanzenbach <mschanzenbach@posteo.de> 2012-06-13 17:36:47 +0000
committer: Martin Schanzenbach <mschanzenbach@posteo.de> 2012-06-13 17:36:47 +0000
commit: 1f5326cd1032cbcc914c7809df1a64994eeebbe9 (patch)
tree: bd04389845d0b3096d98e3e97033040486108830 /src/gns
parent: a8c5598ba43fcd61a5a340f14a3bab1613adbe7c (diff)
download: gnunet-1f5326cd1032cbcc914c7809df1a64994eeebbe9.tar.gz
gnunet-1f5326cd1032cbcc914c7809df1a64994eeebbe9.zip
17 files changed, 775 insertions, 388 deletions
diff --git a/src/gns/gns.conf.in b/src/gns/gns.conf.in
index 8484f1810..406d59464 100644
--- a/src/gns/gns.conf.in
+++ b/src/gns/gns.conf.in
@@ -6,6 +6,10 @@ CONFIG = $DEFAULTCONFIG
 BINARY = gnunet-service-gns
 UNIXPATH = /tmp/gnunet-service-gns.sock
 ZONEKEY = $SERVICEHOME/gns/zonekey.zkey
+PRIVATE_ZONE = private
+PRIVATE_ZONEKEY = $SERVICEHOME/gns/zonekey_priv.zkey
+SHORTEN_ZONE = short
+SHORTEN_ZONEKEY = $SERVICEHOME/gns/zonekey_short.zkey
 HIJACK_DNS = NO
 AUTO_IMPORT_PKEY = YES
 AUTO_IMPORT_ZONEKEY = $SERVICEHOME/gns/shorten_zonekey.zkey
diff --git a/src/gns/gns.h b/src/gns/gns.h
index 686729dd7..e34d0a086 100644
--- a/src/gns/gns.h
+++ b/src/gns/gns.h
@@ -63,25 +63,22 @@ struct GNUNET_GNS_ClientLookupMessage
  uint32_t use_default_zone GNUNET_PACKED;
  /**
-   * If use_default_zone is empty this zone is used for lookup
+   * Is a shorten key attached?
   */
-  struct GNUNET_CRYPTO_ShortHashCode zone;
+  uint32_t have_key GNUNET_PACKED;
  /**
-   * Should we use a shorten zone?
+   * If use_default_zone is empty this zone is used for lookup
-   */
-  uint32_t use_shorten_zone GNUNET_PACKED;
-  /**
-   * If use_shorten_zone is set use this zone for shortening
   */
-  struct GNUNET_CRYPTO_ShortHashCode shorten_zone;
+  struct GNUNET_CRYPTO_ShortHashCode zone;
  /**
   * the type of record to look up
   */
  enum GNUNET_GNS_RecordType type;
+  /* Followed by the key for shorten (optional) see have_key */
  /* Followed by the name to look up */
 };
@@ -136,16 +133,6 @@ struct GNUNET_GNS_ClientShortenMessage
   */
  struct GNUNET_CRYPTO_ShortHashCode zone;
  
-  /**
-   * Should we use a shorten zone?
-   */
-  uint32_t use_shorten_zone GNUNET_PACKED;
-  /**
-   * If use_shorten_zone is set use this zone for shortening
-   */
-  struct GNUNET_CRYPTO_ShortHashCode shorten_zone;
-  
  /* Followed by the name to shorten up */
 };
diff --git a/src/gns/gns_api.c b/src/gns/gns_api.c
index 2e1e9712c..9806082bc 100644
--- a/src/gns/gns_api.c
+++ b/src/gns/gns_api.c
@@ -640,9 +640,9 @@ get_request_id (struct GNUNET_GNS_Handle *h)
 * @param handle handle to the GNS service
 * @param name the name to look up
 * @param zone the zone to start the resolution in
- * @param shorten_zone the zone where to shorten names into
 * @param type the record type to look up
 * @param only_cached GNUNET_NO to only check locally not DHT for performance
+ * @param shorten_key the private key of the shorten zone (can be NULL)
 * @param proc processor to call on result
 * @param proc_cls closure for processor
 * @return handle to the get
@@ -651,9 +651,9 @@ struct GNUNET_GNS_QueueEntry *
 GNUNET_GNS_lookup_zone (struct GNUNET_GNS_Handle *handle,
                   const char * name,
                   struct GNUNET_CRYPTO_ShortHashCode *zone,
-                   struct GNUNET_CRYPTO_ShortHashCode *shorten_zone,
                   enum GNUNET_GNS_RecordType type,
                   int only_cached,
+                   struct GNUNET_CRYPTO_RsaPrivateKey *shorten_key,
                   GNUNET_GNS_LookupResultProcessor proc,
                   void *proc_cls)
 {
@@ -662,13 +662,24 @@ GNUNET_GNS_lookup_zone (struct GNUNET_GNS_Handle *handle,
  struct GNUNET_GNS_QueueEntry *qe;
  size_t msize;
  struct PendingMessage *pending;
+  struct GNUNET_CRYPTO_RsaPrivateKeyBinaryEncoded *pkey_enc=NULL;
+  size_t key_len = 0;
+  char* pkey_tmp;
+  if (NULL != shorten_key)
+  {
+    pkey_enc = GNUNET_CRYPTO_rsa_encode_key (shorten_key);
+    GNUNET_assert (pkey_enc != NULL);
+    key_len = ntohs (pkey_enc->len);
+  }
  if (NULL == name)
  {
    return NULL;
  }
-  msize = sizeof (struct GNUNET_GNS_ClientLookupMessage) + strlen(name) + 1;
+  msize = sizeof (struct GNUNET_GNS_ClientLookupMessage)
+    + key_len + strlen(name) + 1;
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Trying to lookup %s in GNS\n", name);
  qe = GNUNET_malloc(sizeof (struct GNUNET_GNS_QueueEntry));
@@ -701,26 +712,23 @@ GNUNET_GNS_lookup_zone (struct GNUNET_GNS_Handle *handle,
    memset(&lookup_msg->zone, 0, sizeof(struct GNUNET_CRYPTO_ShortHashCode));
  }
  
-  if (NULL != shorten_zone)
+  lookup_msg->type = htonl(type);
+  pkey_tmp = (char *) &lookup_msg[1];
+  
+  if (pkey_enc != NULL)
  {
-    lookup_msg->use_shorten_zone = htonl(1);
+    lookup_msg->have_key = htonl(1);
-    memcpy(&lookup_msg->shorten_zone, shorten_zone,
+    memcpy(pkey_tmp, pkey_enc, key_len);
-           sizeof(struct GNUNET_CRYPTO_ShortHashCode));
  }
  else
-  {
+    lookup_msg->have_key = htonl(0);
-    lookup_msg->use_shorten_zone = htonl(0);
-    memset(&lookup_msg->shorten_zone, 0,
-           sizeof(struct GNUNET_CRYPTO_ShortHashCode));
-  }
-  
-  lookup_msg->type = htonl(type);
-  memcpy(&lookup_msg[1], name, strlen(name));
+  memcpy(&pkey_tmp[key_len], name, strlen(name));
  GNUNET_CONTAINER_DLL_insert_tail (handle->pending_head, handle->pending_tail,
                               pending);
-  
+  GNUNET_free_non_null (pkey_enc);
  process_pending_messages (handle);
  return qe;
 }
@@ -732,6 +740,7 @@ GNUNET_GNS_lookup_zone (struct GNUNET_GNS_Handle *handle,
 * @param name the name to look up
 * @param type the record type to look up
 * @param only_cached GNUNET_NO to only check locally not DHT for performance
+ * @param shorten_key the private key of the shorten zone (can be NULL)
 * @param proc processor to call on result
 * @param proc_cls closure for processor
 * @return handle to the get
@@ -741,12 +750,15 @@ GNUNET_GNS_lookup (struct GNUNET_GNS_Handle *handle,
                   const char * name,
                   enum GNUNET_GNS_RecordType type,
                   int only_cached,
+                   struct GNUNET_CRYPTO_RsaPrivateKey *shorten_key,
                   GNUNET_GNS_LookupResultProcessor proc,
                   void *proc_cls)
 {
  return GNUNET_GNS_lookup_zone (handle, name,
-                                 NULL, NULL,
+                                 NULL,
-                                 type, only_cached, proc, proc_cls);
+                                 type, only_cached,
+                                 shorten_key,
+                                 proc, proc_cls);
 }
 /**
@@ -755,7 +767,6 @@ GNUNET_GNS_lookup (struct GNUNET_GNS_Handle *handle,
 * @param handle handle to the GNS service
 * @param name the name to look up
 * @param zone the zone to start the resolution in
- * @param shorten_zone the zone where to shorten names into
 * @param proc function to call on result
 * @param proc_cls closure for processor
 * @return handle to the operation
@@ -764,7 +775,6 @@ struct GNUNET_GNS_QueueEntry *
 GNUNET_GNS_shorten_zone (struct GNUNET_GNS_Handle *handle,
                    const char * name,
                    struct GNUNET_CRYPTO_ShortHashCode *zone,
-                    struct GNUNET_CRYPTO_ShortHashCode *shorten_zone,
                    GNUNET_GNS_ShortenResultProcessor proc,
                    void *proc_cls)
 {
@@ -812,19 +822,6 @@ GNUNET_GNS_shorten_zone (struct GNUNET_GNS_Handle *handle,
    memset(&shorten_msg->zone, 0, sizeof(struct GNUNET_CRYPTO_ShortHashCode));
  }
  
-  if (NULL != shorten_zone)
-  {
-    shorten_msg->use_shorten_zone = htonl(1);
-    memcpy(&shorten_msg->shorten_zone, shorten_zone,
-           sizeof(struct GNUNET_CRYPTO_ShortHashCode));
-  }
-  else
-  {
-    shorten_msg->use_shorten_zone = htonl(0);
-    memset(&shorten_msg->shorten_zone, 0,
-           sizeof(struct GNUNET_CRYPTO_ShortHashCode));
-  }
-  
  memcpy(&shorten_msg[1], name, strlen(name));
  GNUNET_CONTAINER_DLL_insert_tail (handle->pending_head, handle->pending_tail,
@@ -849,7 +846,7 @@ GNUNET_GNS_shorten (struct GNUNET_GNS_Handle *handle,
                    GNUNET_GNS_ShortenResultProcessor proc,
                    void *proc_cls)
 {
-  return GNUNET_GNS_shorten_zone (handle, name, NULL, NULL, proc, proc_cls);
+  return GNUNET_GNS_shorten_zone (handle, name, NULL, proc, proc_cls);
 }
 /**
 * Perform an authority lookup for a given name.
diff --git a/src/gns/gnunet-gns-proxy.c b/src/gns/gnunet-gns-proxy.c
index 4effc0f04..a2c7d181e 100644
--- a/src/gns/gnunet-gns-proxy.c
+++ b/src/gns/gnunet-gns-proxy.c
@@ -292,17 +292,14 @@ static regex_t re_dotplus;
 /* The users local GNS zone hash */
 static struct GNUNET_CRYPTO_ShortHashCode local_gns_zone;
-/* The users local shorten zone hash */
-static struct GNUNET_CRYPTO_ShortHashCode local_shorten_zone;
 /* The CA for SSL certificate generation */
 static struct ProxyCA proxy_ca;
 /* UNIX domain socket for mhd */
 struct GNUNET_NETWORK_Handle *mhd_unix_socket;
-/* Shorten names? */
+/* Shorten zone private key */
-int use_shorten;
+struct GNUNET_CRYPTO_RsaPrivateKey *shorten_zonekey;
 /**
 * Checks if name is in tld
@@ -1110,9 +1107,9 @@ process_get_authority (void *cls,
  GNUNET_GNS_lookup_zone (gns_handle,
                          ctask->host,
                          &local_gns_zone,
-                          &local_shorten_zone,
                          GNUNET_GNS_RECORD_LEHO,
                          GNUNET_YES, //Only cached for performance
+                          shorten_zonekey,
                          &process_leho_lookup,
                          ctask);
 }
@@ -2366,58 +2363,6 @@ load_local_zone_key (const struct GNUNET_CONFIGURATION_Handle *cfg)
 }
 /**
- * Loads the users local shorten zone key
- *
- * @return GNUNET_YES on success
- */
-static int
-load_local_shorten_key (const struct GNUNET_CONFIGURATION_Handle *cfg)
-{
-  char *keyfile;
-  struct GNUNET_CRYPTO_RsaPrivateKey *key = NULL;
-  struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded pkey;
-  struct GNUNET_CRYPTO_ShortHashCode *zone = NULL;
-  struct GNUNET_CRYPTO_ShortHashAsciiEncoded zonename;
-  if (GNUNET_NO == GNUNET_CONFIGURATION_get_value_yesno (cfg, "gns",
-                                                "AUTO_IMPORT_PKEY"))
-  {
-    return GNUNET_NO;
-  }
-  if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_filename (cfg, "gns",
-                                                          "AUTO_IMPORT_ZONEKEY",
-                                                          &keyfile))
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                "Unable to load shorten key config value! (not fatal)\n");
-    return GNUNET_NO;
-  }
-  if (GNUNET_NO == GNUNET_DISK_file_test (keyfile))
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                "Unable to load shorten key %s! (not fatal)\n", keyfile);
-    GNUNET_free(keyfile);
-    return GNUNET_NO;
-  }
-  key = GNUNET_CRYPTO_rsa_key_create_from_file (keyfile);
-  GNUNET_CRYPTO_rsa_key_get_public (key, &pkey);
-  GNUNET_CRYPTO_short_hash(&pkey,
-                           sizeof(struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded),
-                           &local_shorten_zone);
-  zone = &local_gns_zone;
-  GNUNET_CRYPTO_short_hash_to_enc (zone, &zonename);
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Using shorten zone: %s!\n", &zonename);
-  GNUNET_CRYPTO_rsa_key_free(key);
-  GNUNET_free(keyfile);
-  return GNUNET_YES;
-}
-/**
 * Main function that will be run
 *
 * @param cls closure
@@ -2436,6 +2381,7 @@ run (void *cls, char *const *args, const char *cfgfile,
  char* proxy_sockfile;
  char* cafile_cfg = NULL;
  char* cafile;
+  char* shorten_keyfile;
  curl_multi = NULL;
@@ -2471,7 +2417,26 @@ run (void *cls, char *const *args, const char *cfgfile,
  
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
              "Loading Template\n");
+  
+  if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_filename (cfg, "gns-proxy",
+                                                        "PROXY_CACERT",
+                                                        &shorten_keyfile))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Unable to load shorten zonekey config value!\n");
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "No shorten key provided!\n");
+    return;
+  }
+  else
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Loading shorten zonekey %s!\n",
+                shorten_keyfile);
+    shorten_zonekey = GNUNET_CRYPTO_rsa_key_create_from_file (shorten_keyfile);
+    GNUNET_free (shorten_keyfile);
+  }
+  
  compile_regex (&re_dotplus, (char*) RE_A_HREF);
  gns_handle = GNUNET_GNS_connect (cfg);
@@ -2483,8 +2448,6 @@ run (void *cls, char *const *args, const char *cfgfile,
    return;
  }
-  use_shorten = load_local_shorten_key (cfg);
  if (NULL == gns_handle)
  {
    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
diff --git a/src/gns/gnunet-gns.c b/src/gns/gnunet-gns.c
index 6b0ae5dca..a1614e7dd 100644
--- a/src/gns/gnunet-gns.c
+++ b/src/gns/gnunet-gns.c
@@ -149,10 +149,9 @@ run (void *cls, char *const *args, const char *cfgfile,
  struct GNUNET_CRYPTO_RsaPrivateKey *key = NULL;
  struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded pkey;
  struct GNUNET_CRYPTO_ShortHashCode *zone = NULL;
-  struct GNUNET_CRYPTO_ShortHashCode *shorten_zone = NULL;
  struct GNUNET_CRYPTO_ShortHashCode user_zone;
-  struct GNUNET_CRYPTO_ShortHashCode user_shorten_zone;
  struct GNUNET_CRYPTO_ShortHashAsciiEncoded zonename;
+  struct GNUNET_CRYPTO_RsaPrivateKey *shorten_key = NULL;
  if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_filename (cfg, "gns",
                                                           "ZONEKEY", &keyfile))
@@ -182,29 +181,18 @@ run (void *cls, char *const *args, const char *cfgfile,
  }
  
  if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_filename (cfg, "gns",
-                                                          "AUTO_IMPORT_ZONEKEY",
+                                                   "SHORTEN_ZONEKEY", &keyfile))
-                                                          &keyfile))
  {
    if (!raw)
      GNUNET_log (GNUNET_ERROR_TYPE_INFO,
-                  "No private key for shorten zone found!\n");
+                  "No shorten key found!\n");
-    shorten_zone = NULL;
+    shorten_key = NULL;
  }
  else
  {
    if (GNUNET_YES == GNUNET_DISK_file_test (keyfile))
    {
-      key = GNUNET_CRYPTO_rsa_key_create_from_file (keyfile);
+      shorten_key = GNUNET_CRYPTO_rsa_key_create_from_file (keyfile);
-      GNUNET_CRYPTO_rsa_key_get_public (key, &pkey);
-      GNUNET_CRYPTO_short_hash(&pkey,
-                         sizeof(struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded),
-                         &user_shorten_zone);
-      shorten_zone = &user_shorten_zone;
-      GNUNET_CRYPTO_short_hash_to_enc (shorten_zone, &zonename);
-      if (!raw)
-        GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                    "Using shorten zone: %s!\n", &zonename);
-      GNUNET_CRYPTO_rsa_key_free(key);
    }
    GNUNET_free(keyfile);
  }
@@ -226,7 +214,7 @@ run (void *cls, char *const *args, const char *cfgfile,
  {
    /** shorten name */
    GNUNET_GNS_shorten_zone (gns, shorten_name,
-                             zone, shorten_zone,
+                             zone,
                             &process_shorten_result,
                             shorten_name);
  }
@@ -236,9 +224,10 @@ run (void *cls, char *const *args, const char *cfgfile,
    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                "Lookup\n");
    GNUNET_GNS_lookup_zone (gns, lookup_name,
-                            zone, shorten_zone,
+                            zone,
                            rtype,
                            GNUNET_YES, //Use DHT
+                            shorten_key,
                            &process_lookup_result, lookup_name);
  }
diff --git a/src/gns/gnunet-service-gns.c b/src/gns/gnunet-service-gns.c
index 8f8340207..79aedccf4 100644
--- a/src/gns/gnunet-service-gns.c
+++ b/src/gns/gnunet-service-gns.c
@@ -64,8 +64,16 @@ struct ClientShortenHandle
  struct GNUNET_CRYPTO_RsaPrivateKey *shorten_key;
  
  /* name to shorten */
-  char* name;
+  char name[MAX_DNS_NAME_LENGTH];
+  /* root zone */
+  struct GNUNET_CRYPTO_ShortHashCode root_zone;
+  /* private zone */
+  struct GNUNET_CRYPTO_ShortHashCode private_zone;
+  
+  /* shorten zone */
+  struct GNUNET_CRYPTO_ShortHashCode shorten_zone;
 };
@@ -94,6 +102,12 @@ struct ClientLookupHandle
  /* the requesting client that */
  struct GNUNET_SERVER_Client *client;
+  /* The zone we look up in */
+  struct GNUNET_CRYPTO_ShortHashCode zone;
+  /* Do we only want to lookup from local cache? */
+  int only_cached;
  /* request id */
  uint64_t unique_id;
@@ -167,6 +181,12 @@ static int auto_import_pkey;
 /* lookup timeout */
 static struct GNUNET_TIME_Relative default_lookup_timeout;
+/* name of the private zone */
+static char *private_zone_id;
+/* name of the public zone */
+static char *shorten_zone_id;
 /**
 * Continue shutdown
 */
@@ -424,56 +444,6 @@ update_zone_dht_start(void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
                                                 NULL);
 }
-/**
- * Lookup the shorten key for the zone
- *
- * @param short_zone the zone we want a private key for
- * @return NULL of not found else the key
- */
-struct GNUNET_CRYPTO_RsaPrivateKey*
-lookup_shorten_key(struct GNUNET_CRYPTO_ShortHashCode *short_zone)
-{
-  char* keydir;
-  struct GNUNET_CRYPTO_ShortHashAsciiEncoded zonename;
-  char* location;
-  struct GNUNET_CRYPTO_RsaPrivateKey *key = NULL;
-  
-  GNUNET_log (GNUNET_ERROR_TYPE_INFO,
-              "Looking for shorten zonekey\n");
-  if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_filename (GNS_cfg,
-                                                            "namestore",
-                                             "ZONEFILE_DIRECTORY", &keydir))
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                "No zonefile directory!\n");
-    return NULL;
-  }
-  GNUNET_log (GNUNET_ERROR_TYPE_INFO,
-              "Zonefile directory is %s\n", keydir);
-  GNUNET_CRYPTO_short_hash_to_enc (short_zone, &zonename);
-  GNUNET_log (GNUNET_ERROR_TYPE_INFO,
-              "Zonefile for shorten is %s.zkey\n", &zonename);
-  GNUNET_asprintf(&location, "%s%s%s.zkey", keydir,
-                  DIR_SEPARATOR_STR, &zonename);
-  GNUNET_log (GNUNET_ERROR_TYPE_INFO,
-              "Checking for %s\n", location);
-  if (GNUNET_YES == GNUNET_DISK_file_test (location))
-    key = GNUNET_CRYPTO_rsa_key_create_from_file (location);
-  GNUNET_free(location);
-  GNUNET_free(keydir);
-  return key;
-}
 /* END DHT ZONE PROPAGATION */
 /**
@@ -512,12 +482,115 @@ send_shorten_response(void* cls, const char* name)
  GNUNET_SERVER_receive_done (csh->client, GNUNET_OK);
  
  GNUNET_free(rmsg);
-  GNUNET_free_non_null(csh->name);
  GNUNET_free_non_null(csh->shorten_key);
  GNUNET_free(csh);
 }
+static void
+process_shorten_zone_shorten (void *cls,
+                      const struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded *key,
+                      struct GNUNET_TIME_Absolute expiration,
+                      const char *name,
+                      unsigned int rd_count,
+                      const struct GNUNET_NAMESTORE_RecordData *rd,
+                      const struct GNUNET_CRYPTO_RsaSignature *signature)
+{
+  struct ClientShortenHandle *csh = cls;
+  struct GNUNET_TIME_Relative remaining_time;
+  remaining_time = GNUNET_TIME_absolute_get_remaining (expiration);
+  if ((rd_count == 1) &&
+      (remaining_time.rel_value != 0))
+  {
+    remaining_time = GNUNET_TIME_absolute_get_remaining (rd->expiration);
+    if ((rd->record_type == GNUNET_GNS_RECORD_PKEY) &&
+        (remaining_time.rel_value != 0))
+    {
+      csh->shorten_zone = *((struct GNUNET_CRYPTO_ShortHashCode*)rd->data);
+    }
+  }
+  gns_resolver_shorten_name (&csh->root_zone,
+                             &csh->private_zone,
+                             &csh->shorten_zone,
+                             csh->name,
+                             private_zone_id,
+                             shorten_zone_id,
+                             &send_shorten_response, csh);
+}
+static void
+process_private_zone_shorten (void *cls,
+                      const struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded *key,
+                      struct GNUNET_TIME_Absolute expiration,
+                      const char *name,
+                      unsigned int rd_count,
+                      const struct GNUNET_NAMESTORE_RecordData *rd,
+                      const struct GNUNET_CRYPTO_RsaSignature *signature)
+{
+  struct GNUNET_TIME_Relative remaining_time;
+  struct ClientShortenHandle *csh = cls;
+  remaining_time = GNUNET_TIME_absolute_get_remaining (expiration);
+  if ((rd_count == 1) &&
+      (remaining_time.rel_value != 0))
+  {
+    remaining_time = GNUNET_TIME_absolute_get_remaining (rd->expiration);
+    if ((rd->record_type == GNUNET_GNS_RECORD_PKEY) &&
+        (remaining_time.rel_value != 0))
+    {
+      GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+                  "Looking for shorten zone in private zone\n");
+      csh->private_zone = *((struct GNUNET_CRYPTO_ShortHashCode*)rd->data);
+      GNUNET_NAMESTORE_lookup_record (namestore_handle,
+                                      &csh->private_zone,
+                                      shorten_zone_id,
+                                      GNUNET_GNS_RECORD_ANY,
+                                      &process_shorten_zone_shorten,
+                                      cls);
+    }
+    return;
+  }
+  GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+              "No private zone found!\n");
+  gns_resolver_shorten_name (&csh->root_zone,
+                             &csh->private_zone,
+                             &csh->shorten_zone,
+                             csh->name,
+                             private_zone_id,
+                             shorten_zone_id,
+                             &send_shorten_response, csh);
+}
+/**
+ * Lookup the zone infos and shorten name
+ *
+ * @param csh the shorten handle
+ *
+ */
+static void
+start_shorten_name (struct ClientShortenHandle *csh)
+{
+  GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+              "Looking for private zone in root zone\n");
+  GNUNET_NAMESTORE_lookup_record (namestore_handle,
+                                  &csh->root_zone,
+                                  private_zone_id,
+                                  GNUNET_GNS_RECORD_ANY,
+                                  &process_private_zone_shorten,
+                                  csh);
+}
 /**
 * Handle a shorten message from the api
 *
@@ -525,9 +598,9 @@ send_shorten_response(void* cls, const char* name)
 * @param client the client
 * @param message the message
 */
-static void handle_shorten(void *cls,
+static void handle_shorten (void *cls,
-                           struct GNUNET_SERVER_Client * client,
+                            struct GNUNET_SERVER_Client * client,
-                           const struct GNUNET_MessageHeader * message)
+                            const struct GNUNET_MessageHeader * message)
 {
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Received `%s' message\n", "SHORTEN");
@@ -535,8 +608,6 @@ static void handle_shorten(void *cls,
  struct ClientShortenHandle *csh;
  char name[MAX_DNS_NAME_LENGTH];
  char* nameptr = name;
-  struct GNUNET_CRYPTO_ShortHashCode zone;
-  struct GNUNET_CRYPTO_RsaPrivateKey *key;
  if (ntohs (message->size) < sizeof (struct GNUNET_GNS_ClientShortenMessage))
  {
@@ -568,7 +639,6 @@ static void handle_shorten(void *cls,
  if (strlen (name) < strlen(GNUNET_GNS_TLD)) {
    GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
               "SHORTEN: %s is too short", name);
-    csh->name = NULL;
    send_shorten_response(csh, name);
    return;
  }
@@ -576,7 +646,6 @@ static void handle_shorten(void *cls,
  if (strlen (name) > MAX_DNS_NAME_LENGTH) {
    GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
               "SHORTEN: %s is too long", name);
-    csh->name = NULL;
    send_shorten_response(csh, name);
    return;
  }
@@ -585,34 +654,21 @@ static void handle_shorten(void *cls,
  {
    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                "%s is not our domain. Returning\n", name);
-    csh->name = NULL;
    send_shorten_response(csh, name);
    return;
  }
+  strcpy (csh->name, name);
  
  GNUNET_SERVER_notification_context_add (nc, client);
  
  if (1 == ntohl(sh_msg->use_default_zone))
-    zone = zone_hash; //Default zone
+    csh->root_zone = zone_hash; //Default zone
  else
-    zone = sh_msg->zone;
+    csh->root_zone = sh_msg->zone;
+  start_shorten_name (csh);
  
-  /* Start shortening */
-  if (GNUNET_YES == auto_import_pkey)
-  {
-    if (0 == ntohl(sh_msg->use_shorten_zone))
-      key = NULL;
-    else
-    {
-      key = lookup_shorten_key(&sh_msg->shorten_zone);
-      csh->shorten_key = key;
-    }
-    gns_resolver_shorten_name(zone, zone, name, key,
-                              &send_shorten_response, csh);
-  }
-  else
-    gns_resolver_shorten_name(zone, zone, name, NULL,
-                              &send_shorten_response, csh);
 }
@@ -823,9 +879,10 @@ handle_lookup(void *cls,
  char name[MAX_DNS_NAME_LENGTH];
  struct ClientLookupHandle *clh;
  char* nameptr = name;
-  struct GNUNET_CRYPTO_RsaPrivateKey *key = NULL;
-  struct GNUNET_CRYPTO_ShortHashCode zone;
  int only_cached;
+  struct GNUNET_CRYPTO_RsaPrivateKey *key;
+  struct GNUNET_CRYPTO_RsaPrivateKeyBinaryEncoded *pkey;
+  char* tmp_pkey;
  if (ntohs (message->size) < sizeof (struct GNUNET_GNS_ClientLookupMessage))
  {
@@ -847,8 +904,20 @@ handle_lookup(void *cls,
    GNUNET_SERVER_receive_done (client, GNUNET_OK);
    return;
  }
+  if (1 == ntohl(sh_msg->have_key))
+  {
+    pkey = (struct GNUNET_CRYPTO_RsaPrivateKeyBinaryEncoded *)&sh_msg[1];
+    tmp_pkey = (char*)&sh_msg[1];
+    key = GNUNET_CRYPTO_rsa_decode_key (tmp_pkey, ntohs(pkey->len));
+    GNUNET_STRINGS_utf8_tolower(&tmp_pkey[ntohs(pkey->len)], &nameptr);
+  }
+  else
+  {
+    key = NULL;
+    GNUNET_STRINGS_utf8_tolower((char*)&sh_msg[1], &nameptr);
+  }
  
-  GNUNET_STRINGS_utf8_tolower((char*)&sh_msg[1], &nameptr);
  namelen = strlen(name)+1;
  clh = GNUNET_malloc(sizeof(struct ClientLookupHandle));
  clh->client = client;
@@ -856,7 +925,7 @@ handle_lookup(void *cls,
  strcpy(clh->name, name);
  clh->unique_id = sh_msg->id;
  clh->type = ntohl(sh_msg->type);
-  clh->shorten_key = NULL;
+  clh->shorten_key = key;
  only_cached = ntohl(sh_msg->only_cached);
  
@@ -869,33 +938,25 @@ handle_lookup(void *cls,
  }
  if (1 == ntohl(sh_msg->use_default_zone))
-    zone = zone_hash; //Default zone
+    clh->zone = zone_hash; //Default zone
  else
-    zone = sh_msg->zone;
+    clh->zone = sh_msg->zone;
  
  if (GNUNET_YES == auto_import_pkey)
  {
-    if (1 == ntohl(sh_msg->use_shorten_zone))
+    gns_resolver_lookup_record (clh->zone, clh->zone, clh->type, clh->name,
-      key = zone_key;
+                                clh->shorten_key,
-    else
+                                default_lookup_timeout,
-    {
+                                clh->only_cached,
-      key = lookup_shorten_key(&sh_msg->shorten_zone);
+                                &send_lookup_response, clh);  
-      clh->shorten_key = key;
-    }
-    
-    gns_resolver_lookup_record(zone, zone, clh->type, name,
-                               key,
-                               default_lookup_timeout,
-                               only_cached,
-                               &send_lookup_response, clh);
  }
  else
  {
-    gns_resolver_lookup_record(zone, zone, clh->type, name,
+    gns_resolver_lookup_record (clh->zone, clh->zone, clh->type, name,
-                               NULL,
+                                NULL,
-                               default_lookup_timeout,
+                                default_lookup_timeout,
-                               only_cached,
+                                only_cached,
-                               &send_lookup_response, clh);
+                                &send_lookup_response, clh);
  }
 }
@@ -977,6 +1038,22 @@ run (void *cls, struct GNUNET_SERVER_Handle *server,
  }
+  if (GNUNET_OK == GNUNET_CONFIGURATION_get_value_string (c, "gns",
+                                                          "PRIVATE_ZONE",
+                                                          &private_zone_id))
+  {
+    GNUNET_log(GNUNET_ERROR_TYPE_INFO,
+               "Private zone id: %s\n", private_zone_id);
+  }
+  if (GNUNET_OK == GNUNET_CONFIGURATION_get_value_string (c, "gns",
+                                                          "SHORTEN_ZONE",
+                                                          &shorten_zone_id))
+  {
+    GNUNET_log(GNUNET_ERROR_TYPE_INFO,
+               "Shorten zone id: %s\n", shorten_zone_id);
+  }
  dht_max_update_interval = GNUNET_GNS_DHT_MAX_UPDATE_INTERVAL;
  if (GNUNET_OK ==
diff --git a/src/gns/gnunet-service-gns_resolver.c b/src/gns/gnunet-service-gns_resolver.c
index 71f42e941..ff7842758 100644
--- a/src/gns/gnunet-service-gns_resolver.c
+++ b/src/gns/gnunet-service-gns_resolver.c
@@ -168,6 +168,7 @@ process_pseu_lookup_ns (void* cls,
        GNUNET_free (gph->ahead);
        gph->ahead = iter;
      } while (iter != NULL);
+      GNUNET_CRYPTO_rsa_key_free (gph->key);
      GNUNET_free (gph);
      return;
@@ -208,8 +209,8 @@ process_pseu_lookup_ns (void* cls,
    GNUNET_free (gph->ahead);
    gph->ahead = iter;
  } while (iter != NULL);
+  GNUNET_CRYPTO_rsa_key_free (gph->key);
-  GNUNET_free(gph);
+  GNUNET_free (gph);
 }
@@ -329,7 +330,7 @@ process_auth_discovery_dht_result(void* cls,
      GNUNET_free (gph->ahead);
      gph->ahead = iter;
    } while (iter != NULL);
+    GNUNET_CRYPTO_rsa_key_free (gph->key);
    GNUNET_free (gph);
    return;
  }
@@ -528,7 +529,7 @@ process_zone_to_name_discover (void *cls,
      GNUNET_free (gph->ahead);
      gph->ahead = iter;
    } while (iter != NULL);
+    GNUNET_CRYPTO_rsa_key_free (gph->key);
    GNUNET_free (gph);
  }
  else
@@ -579,6 +580,7 @@ start_shorten (struct AuthorityChain *atail,
  struct AuthorityChain *acopy;
  struct GetPseuAuthorityHandle *gph;
  struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded pkey;
+  struct GNUNET_CRYPTO_RsaPrivateKeyBinaryEncoded *pb_key;
  /* First copy the authority chain in reverse order */
  for (iter = atail; iter != NULL; iter = iter->prev)
@@ -593,7 +595,9 @@ start_shorten (struct AuthorityChain *atail,
  gph = GNUNET_malloc (sizeof (struct GetPseuAuthorityHandle));
  GNUNET_CRYPTO_rsa_key_get_public (key, &pkey);
-  gph->key = key;//GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_RsaPrivateKey));
+  pb_key = GNUNET_CRYPTO_rsa_encode_key (key);
+  gph->key = GNUNET_CRYPTO_rsa_decode_key ((char*)pb_key, ntohs (pb_key->len));
+  //gph->key = key;//GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_RsaPrivateKey));
  //memcpy (gph->key, key, sizeof (struct GNUNET_CRYPTO_RsaPrivateKey));
  
  GNUNET_CRYPTO_short_hash (&pkey,
@@ -2293,6 +2297,12 @@ gns_resolver_lookup_record(struct GNUNET_CRYPTO_ShortHashCode zone,
  rh->get_handle = NULL;
  rh->private_local_zone = pzone;
  rh->only_cached = only_cached;
+  
+  if (NULL == key)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "No shorten key for resolution\n");
+  }
  if (timeout.rel_value != GNUNET_TIME_UNIT_FOREVER_REL.rel_value)
  {
@@ -2394,7 +2404,6 @@ gns_resolver_lookup_record(struct GNUNET_CRYPTO_ShortHashCode zone,
 /******** END Record Resolver ***********/
 /**
 * Callback calles by namestore for a zone to name
 * result
@@ -2408,7 +2417,29 @@ gns_resolver_lookup_record(struct GNUNET_CRYPTO_ShortHashCode zone,
 * @param signature the signature for the record data
 */
 static void
-process_zone_to_name_shorten(void *cls,
+process_zone_to_name_shorten_root (void *cls,
+                 const struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded *zone_key,
+                 struct GNUNET_TIME_Absolute expire,
+                 const char *name,
+                 unsigned int rd_len,
+                 const struct GNUNET_NAMESTORE_RecordData *rd,
+                 const struct GNUNET_CRYPTO_RsaSignature *signature);
+/**
+ * Callback called by namestore for a zone to name
+ * result
+ *
+ * @param cls the closure
+ * @param zone_key the zone we queried
+ * @param expire the expiration time of the name
+ * @param name the name found or NULL
+ * @param rd_len number of records for the name
+ * @param rd the record data (PKEY) for the name
+ * @param signature the signature for the record data
+ */
+static void
+process_zone_to_name_shorten_shorten (void *cls,
                 const struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded *zone_key,
                 struct GNUNET_TIME_Absolute expire,
                 const char *name,
@@ -2424,53 +2455,184 @@ process_zone_to_name_shorten(void *cls,
  char tmp_name[MAX_DNS_NAME_LENGTH];
  size_t answer_len;
  
-  /* we found a match in our own zone */
+  /* we found a match in our own root zone */
  if (rd_len != 0)
  {
    GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
               "result strlen %d\n", strlen(name));
    answer_len = strlen(rh->name) + strlen(name) + strlen(GNUNET_GNS_TLD) + 3;
    memset(result, 0, answer_len);
    if (strlen(rh->name) > 0)
    {
-      strcpy(result, rh->name);
+      sprintf (result, "%s.%s.%s.%s.%s",
-      strcpy(result+strlen(rh->name), ".");
+               rh->name, name,
+               nsh->shorten_zone_name, nsh->private_zone_name,
+               GNUNET_GNS_TLD);
+    }
+    else
+    {
+      sprintf (result, "%s.%s.%s.%s", name,
+               nsh->shorten_zone_name, nsh->private_zone_name,
+               GNUNET_GNS_TLD);
    }
-    
-    strcpy(result+strlen(result), name);
-    strcpy(result+strlen(result), ".");
-    strcpy(result+strlen(result), GNUNET_GNS_TLD);
    
    GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
-               "Sending shorten result %s\n", result);
+               "Found shorten result %s\n", result);
+    if (strlen (nsh->result) > strlen (result))
-    nsh->proc(nsh->proc_cls, result);
+      strcpy (nsh->result, result);
-    GNUNET_free(nsh);
-    free_resolver_handle(rh);
  }
  else if (GNUNET_CRYPTO_short_hash_cmp(&rh->authority_chain_head->zone,
-                                        &rh->private_local_zone) == 0)
+                                        nsh->shorten_zone) == 0)
+  {
+    /**
+     * This is our zone append .gnunet unless name is empty
+     * (it shouldn't be, usually FIXME what happens if we
+     * shorten to our zone to a "" record??)
+     */
+    
+    sprintf (result, "%s.%s.%s.%s",
+             rh->name,
+             nsh->shorten_zone_name, nsh->private_zone_name,
+             GNUNET_GNS_TLD);
+    GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
+               "Our zone: Found %s as shorten result\n", result);
+    
+    if (strlen (nsh->result) > strlen (result))
+      strcpy (nsh->result, result);
+    //nsh->proc(nsh->proc_cls, result);
+    //GNUNET_free(nsh);
+    //free_resolver_handle(rh);
+    //return;
+  }
+  
+  
+  /**
+   * No PSEU found.
+   * continue with next authority if exists
+   */
+  if ((rh->authority_chain_head->next == NULL))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Sending %s as shorten result\n", nsh->result);
+    nsh->proc(nsh->proc_cls, nsh->result);
+    GNUNET_free (nsh);
+    free_resolver_handle (rh);
+    return;
+  }
+  next_authority = rh->authority_chain_head;
+  
+  GNUNET_snprintf(tmp_name, MAX_DNS_NAME_LENGTH,
+                  "%s.%s", rh->name, next_authority->name);
+  
+  strcpy(rh->name, tmp_name);
+  GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
+             "No PSEU found for authority %s. Promoting back: %s\n",
+             next_authority->name, rh->name);
+  
+  GNUNET_CONTAINER_DLL_remove(rh->authority_chain_head,
+                            rh->authority_chain_tail,
+                            next_authority);
+  GNUNET_NAMESTORE_zone_to_name (namestore_handle,
+                                 &rh->authority_chain_tail->zone,
+                                 &rh->authority_chain_head->zone,
+                                 &process_zone_to_name_shorten_root,
+                                 rh);
+}
+/**
+ * Callback calles by namestore for a zone to name
+ * result
+ *
+ * @param cls the closure
+ * @param zone_key the zone we queried
+ * @param expire the expiration time of the name
+ * @param name the name found or NULL
+ * @param rd_len number of records for the name
+ * @param rd the record data (PKEY) for the name
+ * @param signature the signature for the record data
+ */
+static void
+process_zone_to_name_shorten_private (void *cls,
+                 const struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded *zone_key,
+                 struct GNUNET_TIME_Absolute expire,
+                 const char *name,
+                 unsigned int rd_len,
+                 const struct GNUNET_NAMESTORE_RecordData *rd,
+                 const struct GNUNET_CRYPTO_RsaSignature *signature)
+{
+  struct ResolverHandle *rh = (struct ResolverHandle *)cls;
+  struct NameShortenHandle* nsh = (struct NameShortenHandle*)rh->proc_cls;
+  struct AuthorityChain *next_authority;
+  char result[MAX_DNS_NAME_LENGTH];
+  char tmp_name[MAX_DNS_NAME_LENGTH];
+  size_t answer_len;
+  
+  /* we found a match in our own root zone */
+  if (rd_len != 0)
  {
-    /* our zone, just append .gnunet */
+    GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
-    answer_len = strlen(rh->name) + strlen(GNUNET_GNS_TLD) + 2;
+               "result strlen %d\n", strlen(name));
+    answer_len = strlen(rh->name) + strlen(name) + strlen(GNUNET_GNS_TLD) + 3;
    memset(result, 0, answer_len);
-    strcpy(result, rh->name);
-    strcpy(result+strlen(rh->name), ".");
-    strcpy(result+strlen(rh->name)+1, GNUNET_GNS_TLD);
+    if (strlen(rh->name) > 0)
+    {
+      sprintf (result, "%s.%s.%s", rh->name, name, GNUNET_GNS_TLD);
+    }
+    else
+    {
+      sprintf (result, "%s.%s", name, GNUNET_GNS_TLD);
+    }
+    
    GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
-               "Our zone: Sending name as shorten result %s\n", rh->name);
+               "Found shorten result %s\n", result);
+    if (strlen (nsh->result) > strlen (result))
+      strcpy (nsh->result, result);
+  }
+  else if (GNUNET_CRYPTO_short_hash_cmp(&rh->authority_chain_head->zone,
+                                        nsh->private_zone) == 0)
+  {
+    /**
+     * This is our zone append .gnunet unless name is empty
+     * (it shouldn't be, usually FIXME what happens if we
+     * shorten to our zone to a "" record??)
+     */
    
-    nsh->proc(nsh->proc_cls, result);
+    sprintf (result, "%s.%s.%s",
-    GNUNET_free(nsh);
+             rh->name, nsh->private_zone_name, GNUNET_GNS_TLD);
-    free_resolver_handle(rh);
+    GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
+               "Our private zone: Found %s as shorten result %s\n", result);
+    if (strlen (nsh->result) > strlen (result))
+      strcpy (nsh->result, result);
+  }
+  
+  if (nsh->shorten_zone != NULL)
+  {
+    /* backtrack authorities for names in priv zone */
+    GNUNET_NAMESTORE_zone_to_name (namestore_handle,
+                                   nsh->shorten_zone,
+                                   &rh->authority_chain_head->zone,
+                                   &process_zone_to_name_shorten_shorten,
+                                   rh);
  }
  else
  {
    /**
     * No PSEU found.
-     * continue with next authority
+     * continue with next authority if exists
     */
+    if ((rh->authority_chain_head->next == NULL))
+    {
+      GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
+                 "Sending %s as shorten result\n", nsh->result);
+      nsh->proc(nsh->proc_cls, nsh->result);
+      GNUNET_free(nsh);
+      free_resolver_handle(rh);
+      return;
+    }
    next_authority = rh->authority_chain_head;
    
    GNUNET_snprintf(tmp_name, MAX_DNS_NAME_LENGTH,
@@ -2488,32 +2650,125 @@ process_zone_to_name_shorten(void *cls,
    GNUNET_NAMESTORE_zone_to_name (namestore_handle,
                                   &rh->authority_chain_tail->zone,
                                   &rh->authority_chain_head->zone,
-                                   &process_zone_to_name_shorten,
+                                   &process_zone_to_name_shorten_root,
                                   rh);
  }
 }
 /**
- * DHT resolution for delegation. Processing result.
+ * Callback calles by namestore for a zone to name
+ * result
 *
 * @param cls the closure
- * @param rh resolver handle
+ * @param zone_key the zone we queried
- * @param rd_count number of results
+ * @param expire the expiration time of the name
- * @param rd record data
+ * @param name the name found or NULL
+ * @param rd_len number of records for the name
+ * @param rd the record data (PKEY) for the name
+ * @param signature the signature for the record data
 */
 static void
-handle_delegation_dht_bg_shorten(void* cls, struct ResolverHandle *rh,
+process_zone_to_name_shorten_root (void *cls,
-                          unsigned int rd_count,
+                 const struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded *zone_key,
-                          const struct GNUNET_NAMESTORE_RecordData *rd)
+                 struct GNUNET_TIME_Absolute expire,
+                 const char *name,
+                 unsigned int rd_len,
+                 const struct GNUNET_NAMESTORE_RecordData *rd,
+                 const struct GNUNET_CRYPTO_RsaSignature *signature)
 {
+  struct ResolverHandle *rh = (struct ResolverHandle *)cls;
+  struct NameShortenHandle* nsh = (struct NameShortenHandle*)rh->proc_cls;
+  struct AuthorityChain *next_authority;
+  char result[MAX_DNS_NAME_LENGTH];
+  char tmp_name[MAX_DNS_NAME_LENGTH];
+  size_t answer_len;
  
-  /* We resolved full name for delegation. resolving record */
+  /* we found a match in our own root zone */
-  GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
+  if (rd_len != 0)
-    "GNS_SHORTEN: Resolved up to %s for delegation via DHT in background.\n",
+  {
-    rh->name);
+    GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
-  free_resolver_handle(rh);
+               "result strlen %d\n", strlen(name));
+    answer_len = strlen(rh->name) + strlen(name) + strlen(GNUNET_GNS_TLD) + 3;
+    memset(result, 0, answer_len);
+    if (strlen(rh->name) > 0)
+    {
+      sprintf (result, "%s.%s.%s", rh->name, name, GNUNET_GNS_TLD);
+    }
+    else
+    {
+      sprintf (result, "%s.%s", name, GNUNET_GNS_TLD);
+    }
+    
+    GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
+               "Found shorten result %s\n", result);
+    if (strlen (nsh->result) > strlen (result))
+      strcpy (nsh->result, result);
+  }
+  else if (GNUNET_CRYPTO_short_hash_cmp(&rh->authority_chain_head->zone,
+                                        nsh->root_zone) == 0)
+  {
+    /**
+     * This is our zone append .gnunet unless name is empty
+     * (it shouldn't be, usually FIXME what happens if we
+     * shorten to our zone to a "" record??)
+     */
+    
+    sprintf (result, "%s.%s", rh->name, GNUNET_GNS_TLD);
+    GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
+               "Our zone: Found %s as shorten result\n", result);
+    if (strlen (nsh->result) > strlen (result))
+      strcpy (nsh->result, result);
+  }
+  
+  if (nsh->private_zone != NULL)
+  {
+    /* backtrack authorities for names in priv zone */
+    GNUNET_NAMESTORE_zone_to_name (namestore_handle,
+                                   nsh->private_zone,
+                                   &rh->authority_chain_head->zone,
+                                   &process_zone_to_name_shorten_private,
+                                   rh);
+  }
+  else
+  {
+    /**
+     * No PSEU found.
+     * continue with next authority if exists
+     */
+    if ((rh->authority_chain_head->next == NULL))
+    {
+      GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
+                 "Sending %s as shorten result\n", nsh->result);
+      nsh->proc(nsh->proc_cls, nsh->result);
+      GNUNET_free(nsh);
+      free_resolver_handle(rh);
+      return;
+    }
+    next_authority = rh->authority_chain_head;
+    
+    GNUNET_snprintf(tmp_name, MAX_DNS_NAME_LENGTH,
+                    "%s.%s", rh->name, next_authority->name);
+    
+    strcpy(rh->name, tmp_name);
+    GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
+               "No PSEU found for authority %s. Promoting back: %s\n",
+               next_authority->name, rh->name);
+    
+    GNUNET_CONTAINER_DLL_remove(rh->authority_chain_head,
+                              rh->authority_chain_tail,
+                              next_authority);
+    GNUNET_NAMESTORE_zone_to_name (namestore_handle,
+                                   &rh->authority_chain_tail->zone,
+                                   &rh->authority_chain_head->zone,
+                                   &process_zone_to_name_shorten_root,
+                                   rh);
+  }
 }
 /**
 * Process result from namestore delegation lookup
 * for shorten operation
@@ -2531,8 +2786,6 @@ handle_delegation_ns_shorten(void* cls,
 {
  struct NameShortenHandle *nsh;
  char result[MAX_DNS_NAME_LENGTH];
-  size_t answer_len;
-  struct ResolverHandle *rh_bg;
  nsh = (struct NameShortenHandle *)cls;
  
@@ -2545,9 +2798,10 @@ handle_delegation_ns_shorten(void* cls,
  
  GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
             "PKEY resolved as far as possible in ns up to %s!\n", rh->name);
+  memset(result, 0, sizeof (result));
  if (GNUNET_CRYPTO_short_hash_cmp(&rh->authority_chain_head->zone,
-                                   &rh->private_local_zone) == 0)
+                                   nsh->root_zone) == 0)
  {
    /**
     * This is our zone append .gnunet unless name is empty
@@ -2555,64 +2809,57 @@ handle_delegation_ns_shorten(void* cls,
     * shorten to our zone to a "" record??)
     */
    
-    answer_len = strlen(rh->name) + strlen(GNUNET_GNS_TLD) + 2;
+    sprintf (result, "%s.%s", rh->name, GNUNET_GNS_TLD);
-    memset(result, 0, answer_len);
+    GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
-    strcpy(result, rh->name);
+               "Our zone: Found %s as shorten result\n", result);
-    strcpy(result+strlen(rh->name), ".");
+    
-    strcpy(result+strlen(rh->name)+1, GNUNET_GNS_TLD);
+    if (strlen (nsh->result) > strlen (result))
+      strcpy (nsh->result, result);
+  }
+  else if (GNUNET_CRYPTO_short_hash_cmp(&rh->authority_chain_head->zone,
+                                        nsh->private_zone) == 0)
+  {
+    /**
+     * This is our zone append .gnunet unless name is empty
+     * (it shouldn't be, usually FIXME what happens if we
+     * shorten to our zone to a "" record??)
+     */
+    
+    sprintf (result, "%s.%s.%s",
+             rh->name, nsh->private_zone_name, GNUNET_GNS_TLD);
    GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
-               "Our zone: Sending name as shorten result %s\n", rh->name);
+               "Our zone: Found %s as shorten result %s\n", result);
    
-    nsh->proc(nsh->proc_cls, result);
+    if (strlen (nsh->result) > strlen (result))
-    GNUNET_free(nsh);
+      strcpy (nsh->result, result);
-    free_resolver_handle(rh);
-    return;
  }
-  
+  else if (GNUNET_CRYPTO_short_hash_cmp(&rh->authority_chain_head->zone,
-  /**
+                                        nsh->shorten_zone) == 0)
-   * we have to this before zone to name for rh might
-   * be freed by then
-   */
-  rh_bg = NULL;
-  if (!is_canonical(rh->name))
  {
-    rh_bg = GNUNET_malloc(sizeof(struct ResolverHandle));
+    /**
-    memcpy(rh_bg, rh, sizeof(struct ResolverHandle));
+     * This is our zone append .gnunet unless name is empty
-    rh_bg->id = rid++;
+     * (it shouldn't be, usually FIXME what happens if we
+     * shorten to our zone to a "" record??)
+     */
+    
+    sprintf (result, "%s.%s.%s",
+             rh->name, nsh->private_zone_name, GNUNET_GNS_TLD);
+    GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
+               "Our zone: Found %s as shorten result\n", result);
+    
+    if (strlen (nsh->result) > strlen (result))
+      strcpy (nsh->result, result);
  }
+  
+  
  /* backtrack authorities for names */
  GNUNET_NAMESTORE_zone_to_name (namestore_handle,
-                                 &rh->authority_chain_tail->zone, //ours
+                                 nsh->root_zone,
                                 &rh->authority_chain_head->zone,
-                                 &process_zone_to_name_shorten,
+                                 &process_zone_to_name_shorten_root,
                                 rh);
  
-  if (rh_bg == NULL)
-  {
-    return;
-  }
-  /**
-   * If authority resolution is incomplete we can do a background lookup
-   * of the full name so that next time we can (likely) fully or at least
-   * further shorten the name
-   */
-  rh_bg->authority_chain_head = GNUNET_malloc(sizeof(struct AuthorityChain));
-  rh_bg->authority_chain_tail = rh_bg->authority_chain_head;
-  rh_bg->authority_chain_head->zone = rh_bg->authority;
-  
-  rh_bg->proc = &handle_delegation_dht_bg_shorten;
-  rh_bg->proc_cls = NULL;
-  rh_bg->timeout = GNUNET_TIME_UNIT_FOREVER_REL;
-  
-  GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
-             "GNS_SHORTEN: Starting background lookup for %s\n",
-             rh_bg->name);
-  resolve_delegation_dht(rh_bg);
 }
@@ -2662,6 +2909,9 @@ process_zone_to_name_zkey(void *cls,
    else
      GNUNET_snprintf(new_name, MAX_DNS_NAME_LENGTH, "%s.%s",
                      enc, GNUNET_GNS_TLD_ZKEY);
+    strcpy (nsh->result, new_name);
    nsh->proc(nsh->proc_cls, new_name);
    GNUNET_free(nsh);
    free_resolver_handle(rh);
@@ -2692,20 +2942,24 @@ process_zone_to_name_zkey(void *cls,
 /**
 * Shorten api from resolver
 *
- * @param zone the zone to use
+ * @param zone the root zone to use
- * @param pzone the private local zone
+ * @param pzone the private zone to use
+ * @param szone the shorten zone to use
 * @param name the name to shorten
- * @param key optional private key for background lookups and PSEU import
+ * @param private_zone_name name of the private zone
+ * @param shorten_zone_name name of the shorten zone
 * @param proc the processor to call with result
 * @param proc_cls closure to pass to proc
 */
 void
-gns_resolver_shorten_name(struct GNUNET_CRYPTO_ShortHashCode zone,
+gns_resolver_shorten_name (struct GNUNET_CRYPTO_ShortHashCode *zone,
-                          struct GNUNET_CRYPTO_ShortHashCode pzone,
+                           struct GNUNET_CRYPTO_ShortHashCode *pzone,
-                          const char* name,
+                           struct GNUNET_CRYPTO_ShortHashCode *szone,
-                          struct GNUNET_CRYPTO_RsaPrivateKey *key,
+                           const char* name,
-                          ShortenResultProcessor proc,
+                           const char* private_zone_name,
-                          void* proc_cls)
+                           const char* shorten_zone_name,
+                           ShortenResultProcessor proc,
+                           void* proc_cls)
 {
  struct ResolverHandle *rh;
  struct NameShortenHandle *nsh;
@@ -2718,31 +2972,37 @@ gns_resolver_shorten_name(struct GNUNET_CRYPTO_ShortHashCode zone,
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
              "Starting shorten for %s!\n", name);
  
-  if (is_canonical((char*)name))
+  if (is_canonical ((char*)name))
  {
    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                "%s is canonical. Returning verbatim\n", name);
-    proc(proc_cls, name);
+    proc (proc_cls, name);
    return;
  }
-  nsh = GNUNET_malloc(sizeof (struct NameShortenHandle));
+  nsh = GNUNET_malloc (sizeof (struct NameShortenHandle));
  nsh->proc = proc;
  nsh->proc_cls = proc_cls;
-  
+  nsh->root_zone = zone;
-  rh = GNUNET_malloc(sizeof (struct ResolverHandle));
+  nsh->private_zone = pzone;
-  rh->authority = zone;
+  nsh->shorten_zone = szone;
+  strcpy (nsh->private_zone_name, private_zone_name);
+  strcpy (nsh->shorten_zone_name, shorten_zone_name);
+  strcpy (nsh->result, name);
+  
+  rh = GNUNET_malloc (sizeof (struct ResolverHandle));
+  rh->authority = *zone;
  rh->id = rid++;
-  rh->priv_key = key;
+  rh->priv_key = NULL;
  rh->proc = &handle_delegation_ns_shorten;
  rh->proc_cls = nsh;
  rh->id = rid++;
-  rh->private_local_zone = pzone;
+  rh->private_local_zone = *zone;
  
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                "Checking for TLD...\n");
-  if (is_zkey_tld(name) == GNUNET_YES)
+  if (is_zkey_tld (name) == GNUNET_YES)
  {
    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                "TLD is zkey\n");
@@ -2751,30 +3011,30 @@ gns_resolver_shorten_name(struct GNUNET_CRYPTO_ShortHashCode zone,
     * build hash and use as initial authority
     * FIXME sscanf
     */
-    memset(rh->name, 0,
+    memset (rh->name, 0,
-           strlen(name)-strlen(GNUNET_GNS_TLD_ZKEY));
+            strlen (name)-strlen (GNUNET_GNS_TLD_ZKEY));
-    memcpy(rh->name, name,
+    memcpy (rh->name, name,
-           strlen(name)-strlen(GNUNET_GNS_TLD_ZKEY) - 1);
+            strlen(name)-strlen (GNUNET_GNS_TLD_ZKEY) - 1);
-    pop_tld(rh->name, string_hash);
+    pop_tld (rh->name, string_hash);
    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                "ZKEY is %s!\n", string_hash);
    
-    GNUNET_STRINGS_utf8_toupper(string_hash, &nzkey_ptr);
+    GNUNET_STRINGS_utf8_toupper (string_hash, &nzkey_ptr);
-    if (GNUNET_OK != GNUNET_CRYPTO_short_hash_from_string(nzkey,
+    if (GNUNET_OK != GNUNET_CRYPTO_short_hash_from_string (nzkey,
-                                                          &zkey))
+                                                           &zkey))
    {
      GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                  "Cannot convert ZKEY %s to hash!\n", nzkey);
-      GNUNET_free(rh);
+      GNUNET_free (rh);
-      GNUNET_free(nsh);
+      GNUNET_free (nsh);
-      proc(proc_cls, name);
+      proc (proc_cls, name);
      return;
    }
    GNUNET_NAMESTORE_zone_to_name (namestore_handle,
-                                   &zone, //ours
+                                   zone, //ours
                                   &zkey,
                                   &process_zone_to_name_zkey,
                                   rh);
@@ -2788,19 +3048,19 @@ gns_resolver_shorten_name(struct GNUNET_CRYPTO_ShortHashCode zone,
    /**
     * Presumably GNUNET tld
     */
-    memset(rh->name, 0,
+    memset (rh->name, 0,
-           strlen(name)-strlen(GNUNET_GNS_TLD));
+            strlen (name)-strlen (GNUNET_GNS_TLD));
-    memcpy(rh->name, name,
+    memcpy (rh->name, name,
-           strlen(name)-strlen(GNUNET_GNS_TLD) - 1);
+            strlen (name)-strlen (GNUNET_GNS_TLD) - 1);
  }
-  rh->authority_chain_head = GNUNET_malloc(sizeof(struct AuthorityChain));
+  rh->authority_chain_head = GNUNET_malloc (sizeof (struct AuthorityChain));
  rh->authority_chain_tail = rh->authority_chain_head;
-  rh->authority_chain_head->zone = zone;
+  rh->authority_chain_head->zone = *zone;
  
  
  /* Start delegation resolution in our namestore */
-  resolve_delegation_ns(rh);
+  resolve_delegation_ns (rh);
 }
 /*********** END NAME SHORTEN ********************/
diff --git a/src/gns/gnunet-service-gns_resolver.h b/src/gns/gnunet-service-gns_resolver.h
index 2a2c341d3..1b54d3c2c 100644
--- a/src/gns/gnunet-service-gns_resolver.h
+++ b/src/gns/gnunet-service-gns_resolver.h
@@ -206,6 +206,25 @@ struct NameShortenHandle
  /* closure to pass to proc */
  void* proc_cls;
+  /* result of shorten */
+  char result[MAX_DNS_NAME_LENGTH];
+  /* root zone */
+  struct GNUNET_CRYPTO_ShortHashCode *root_zone;
+  /* private zone */
+  struct GNUNET_CRYPTO_ShortHashCode *private_zone;
+  /* name of private zone */
+  char private_zone_name[MAX_DNS_LABEL_LENGTH];
+  /* shorten zone */
+  struct GNUNET_CRYPTO_ShortHashCode *shorten_zone;
+  /* name of shorten zone */
+  char shorten_zone_name[MAX_DNS_LABEL_LENGTH];
 };
 /**
@@ -309,18 +328,22 @@ gns_resolver_lookup_record(struct GNUNET_CRYPTO_ShortHashCode zone,
 * There is no guarantee that the shortened name will
 * actually be canonical/short etc.
 *
- * @param zone the zone to perform the operation in
+ * @param zone the root zone to use
- * @param pzone the private local zone
+ * @param pzone the private zone to use
+ * @param szone the shorten zone to use
 * @param name name to shorten
- * @param key optional private key for background lookups and PSEU import
+ * @param private_zone_name name of the private zone
+ * @param shorten_zone_name name of the shorten zone
 * @param proc the processor to call on shorten result
 * @param proc_cls the closure to pass to proc
 */
 void
-gns_resolver_shorten_name(struct GNUNET_CRYPTO_ShortHashCode zone,
+gns_resolver_shorten_name(struct GNUNET_CRYPTO_ShortHashCode *zone,
-                          struct GNUNET_CRYPTO_ShortHashCode pzone,
+                          struct GNUNET_CRYPTO_ShortHashCode *pzone,
+                          struct GNUNET_CRYPTO_ShortHashCode *szone,
                          const char* name,
-                          struct GNUNET_CRYPTO_RsaPrivateKey *key,
+                          const char* private_zone_name,
+                          const char* shorten_zone_name,
                          ShortenResultProcessor proc,
                          void* proc_cls);
diff --git a/src/gns/test_gns_dht_delegated_lookup.c b/src/gns/test_gns_dht_delegated_lookup.c
index e444023c8..07fa9f246 100644
--- a/src/gns/test_gns_dht_delegated_lookup.c
+++ b/src/gns/test_gns_dht_delegated_lookup.c
@@ -164,6 +164,7 @@ commence_testing (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
  GNUNET_GNS_lookup(gns_handle, TEST_DOMAIN, GNUNET_GNS_RECORD_TYPE_A,
                    GNUNET_NO,
+                    NULL,
                    &on_lookup_result, TEST_DOMAIN);
 }
diff --git a/src/gns/test_gns_dht_threepeer.c b/src/gns/test_gns_dht_threepeer.c
index c001d54e2..ebc858741 100644
--- a/src/gns/test_gns_dht_threepeer.c
+++ b/src/gns/test_gns_dht_threepeer.c
@@ -205,6 +205,7 @@ commence_testing(void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
  GNUNET_GNS_lookup(gh, TEST_DOMAIN, GNUNET_GNS_RECORD_TYPE_A,
                    GNUNET_NO,
+                    NULL,
                    &on_lookup_result, TEST_DOMAIN);
  die_task =
    GNUNET_SCHEDULER_add_delayed (TIMEOUT, &end_badly, "from lookup");
diff --git a/src/gns/test_gns_max_queries.c b/src/gns/test_gns_max_queries.c
index 88d43dd78..45931b3b3 100644
--- a/src/gns/test_gns_max_queries.c
+++ b/src/gns/test_gns_max_queries.c
@@ -180,11 +180,13 @@ commence_testing (void *cls, int32_t success, const char *emsg)
                    "www.doesnotexist-%d.bob.gnunet", i);
    GNUNET_GNS_lookup(gns_handle, lookup_name, GNUNET_GNS_RECORD_TYPE_A,
                      GNUNET_NO,
+                      NULL,
                      &on_lookup_result_dummy, NULL);
  }
  GNUNET_GNS_lookup(gns_handle, TEST_DOMAIN, GNUNET_GNS_RECORD_TYPE_A,
                    GNUNET_NO,
+                    NULL,
                    &on_lookup_result, TEST_DOMAIN);
 }
diff --git a/src/gns/test_gns_pseu_shorten.c b/src/gns/test_gns_pseu_shorten.c
index 88fe17c29..34c69709b 100644
--- a/src/gns/test_gns_pseu_shorten.c
+++ b/src/gns/test_gns_pseu_shorten.c
@@ -43,14 +43,16 @@
 #define DEFAULT_NUM_PEERS 2
 /* test records to resolve */
-#define TEST_DOMAIN "www.alice.bob.gnunet"
+#define TEST_DOMAIN "www.alicewonderland.bobbuilder.gnunet"
 #define TEST_IP "127.0.0.1"
 #define TEST_RECORD_NAME "www"
-#define TEST_AUTHORITY_BOB "bob"
+#define TEST_PRIVATE_ZONE "private"
-#define TEST_AUTHORITY_ALICE "alice"
+#define TEST_SHORTEN_ZONE "short"
+#define TEST_AUTHORITY_BOB "bobbuilder"
+#define TEST_AUTHORITY_ALICE "alicewonderland"
 #define TEST_PSEU_ALICE "carol"
-#define TEST_EXPECTED_RESULT "www.carol.gnunet"
+#define TEST_EXPECTED_RESULT "www.carol.short.private.gnunet"
 #define DHT_OPERATION_TIMEOUT GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 30)
@@ -85,12 +87,18 @@ const struct GNUNET_CONFIGURATION_Handle *cfg;
 struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded alice_pkey;
 struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded bob_pkey;
 struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded our_pkey;
+struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded priv_pkey;
+struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded short_pkey;
 struct GNUNET_CRYPTO_RsaPrivateKey *alice_key;
 struct GNUNET_CRYPTO_RsaPrivateKey *bob_key;
 struct GNUNET_CRYPTO_RsaPrivateKey *our_key;
+struct GNUNET_CRYPTO_RsaPrivateKey *priv_key;
+struct GNUNET_CRYPTO_RsaPrivateKey *short_key;
 struct GNUNET_CRYPTO_ShortHashCode alice_hash;
 struct GNUNET_CRYPTO_ShortHashCode bob_hash;
 struct GNUNET_CRYPTO_ShortHashCode our_zone;
+struct GNUNET_CRYPTO_ShortHashCode priv_zone;
+struct GNUNET_CRYPTO_ShortHashCode short_zone;
 /**
 * Check whether peers successfully shut down.
@@ -163,9 +171,9 @@ static void
 do_shorten(void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
 {
  GNUNET_GNS_shorten_zone (gns_handle, TEST_DOMAIN,
-                     &our_zone, &our_zone,
+                     &our_zone,
                     &process_shorten_result,
-TEST_DOMAIN);
+                     TEST_DOMAIN);
 }
 static void
@@ -235,10 +243,11 @@ commence_testing (void *cls, int success)
  }
  GNUNET_GNS_lookup_zone (gns_handle, TEST_DOMAIN,
-                          &our_zone, &our_zone,
+                          &our_zone,
                          GNUNET_GNS_RECORD_TYPE_A,
                          GNUNET_NO,
-                    &on_lookup_result, TEST_DOMAIN);
+                          short_key,
+                          &on_lookup_result, TEST_DOMAIN);
 }
 /**
@@ -501,12 +510,49 @@ put_pkey_dht(void *cls, int32_t success, const char *emsg)
 }
 static void
-do_lookup(void *cls, const struct GNUNET_PeerIdentity *id,
+fin_init_zone (void *cls, int32_t success, const char *emsg)
-          const struct GNUNET_CONFIGURATION_Handle *_cfg,
+{
-          struct GNUNET_TESTING_Daemon *d, const char *emsg)
+  struct GNUNET_NAMESTORE_RecordData rd;
+  rd.expiration = GNUNET_TIME_UNIT_FOREVER_ABS;
+  rd.data_size = sizeof(struct GNUNET_CRYPTO_ShortHashCode);
+  rd.data = &bob_hash;
+  rd.record_type = GNUNET_GNS_RECORD_PKEY;
+  GNUNET_NAMESTORE_record_create (namestore_handle,
+                                  our_key,
+                                  TEST_AUTHORITY_BOB,
+                                  &rd,
+                                  &put_pkey_dht,
+                                  NULL);
+}
+static void
+cont_init_zone (void *cls, int32_t success, const char *emsg)
+{
+  struct GNUNET_NAMESTORE_RecordData rd;
+  rd.expiration = GNUNET_TIME_UNIT_FOREVER_ABS;
+  rd.data_size = sizeof(struct GNUNET_CRYPTO_ShortHashCode);
+  rd.data = &short_zone;
+  rd.record_type = GNUNET_GNS_RECORD_PKEY;
+  GNUNET_NAMESTORE_record_create (namestore_handle,
+                                  priv_key,
+                                  TEST_SHORTEN_ZONE,
+                                  &rd,
+                                  &fin_init_zone,
+                                  NULL);
+}
+static void
+do_lookup (void *cls, const struct GNUNET_PeerIdentity *id,
+           const struct GNUNET_CONFIGURATION_Handle *_cfg,
+           struct GNUNET_TESTING_Daemon *d, const char *emsg)
 {
  
-  
+  char* private_keyfile;
+  char* shorten_keyfile;
  char* our_keyfile;
  
  cfg = _cfg;
@@ -539,34 +585,63 @@ do_lookup(void *cls, const struct GNUNET_PeerIdentity *id,
    ok = -1;
    return;
  }
+  
+  if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_filename (cfg, "gns",
+                                                          "SHORTEN_ZONEKEY",
+                                                          &shorten_keyfile))
+  {
+    GNUNET_log(GNUNET_ERROR_TYPE_ERROR,
+               "Failed to get shorten zone key from cfg\n");
+    ok = -1;
+    return;
+  }
+  
+  if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_filename (cfg, "gns",
+                                                          "PRIVATE_ZONEKEY",
+                                                          &private_keyfile))
+  {
+    GNUNET_log(GNUNET_ERROR_TYPE_ERROR,
+               "Failed to get private zone key from cfg\n");
+    ok = -1;
+    return;
+  }
  our_key = GNUNET_CRYPTO_rsa_key_create_from_file (our_keyfile);
+  priv_key = GNUNET_CRYPTO_rsa_key_create_from_file (private_keyfile);
+  short_key = GNUNET_CRYPTO_rsa_key_create_from_file (shorten_keyfile);
  bob_key = GNUNET_CRYPTO_rsa_key_create_from_file (KEYFILE_BOB);
  alice_key = GNUNET_CRYPTO_rsa_key_create_from_file (KEYFILE_ALICE);
  
  GNUNET_free(our_keyfile);
+  GNUNET_free(shorten_keyfile);
+  GNUNET_free(private_keyfile);
  GNUNET_CRYPTO_rsa_key_get_public (our_key, &our_pkey);
+  GNUNET_CRYPTO_rsa_key_get_public (priv_key, &priv_pkey);
+  GNUNET_CRYPTO_rsa_key_get_public (short_key, &short_pkey);
  GNUNET_CRYPTO_rsa_key_get_public (bob_key, &bob_pkey);
  GNUNET_CRYPTO_rsa_key_get_public (alice_key, &alice_pkey);
  GNUNET_CRYPTO_short_hash(&bob_pkey, sizeof(bob_pkey), &bob_hash);
  GNUNET_CRYPTO_short_hash(&alice_pkey, sizeof(alice_pkey), &alice_hash);
  GNUNET_CRYPTO_short_hash(&our_pkey, sizeof(our_pkey), &our_zone);
+  GNUNET_CRYPTO_short_hash(&priv_pkey, sizeof(priv_pkey), &priv_zone);
+  GNUNET_CRYPTO_short_hash(&short_pkey, sizeof(short_pkey), &short_zone);
+  
  struct GNUNET_NAMESTORE_RecordData rd;
  rd.expiration = GNUNET_TIME_UNIT_FOREVER_ABS;
  rd.data_size = sizeof(struct GNUNET_CRYPTO_ShortHashCode);
-  rd.data = &bob_hash;
+  rd.data = &priv_zone;
  rd.record_type = GNUNET_GNS_RECORD_PKEY;
  GNUNET_NAMESTORE_record_create (namestore_handle,
                                  our_key,
-                                  TEST_AUTHORITY_BOB,
+                                  TEST_PRIVATE_ZONE,
                                  &rd,
-                                  &put_pkey_dht,
+                                  &cont_init_zone,
                                  NULL);
 }
 static void
diff --git a/src/gns/test_gns_simple_delegated_lookup.c b/src/gns/test_gns_simple_delegated_lookup.c
index 3f89b7d91..9e5226285 100644
--- a/src/gns/test_gns_simple_delegated_lookup.c
+++ b/src/gns/test_gns_simple_delegated_lookup.c
@@ -165,6 +165,7 @@ commence_testing (void *cls, int32_t success, const char *emsg)
  GNUNET_GNS_lookup(gns_handle, TEST_DOMAIN, GNUNET_GNS_RECORD_TYPE_A,
                    GNUNET_NO,
+                    NULL,
                    &on_lookup_result, TEST_DOMAIN);
 }
diff --git a/src/gns/test_gns_simple_lookup.c b/src/gns/test_gns_simple_lookup.c
index 46ce3084e..a1d6b02ae 100644
--- a/src/gns/test_gns_simple_lookup.c
+++ b/src/gns/test_gns_simple_lookup.c
@@ -150,6 +150,7 @@ commence_testing (void *cls, int32_t success, const char *emsg)
  GNUNET_GNS_lookup(gns_handle, TEST_DOMAIN, GNUNET_GNS_RECORD_TYPE_A,
                    GNUNET_YES,
+                    NULL,
                    &on_lookup_result, TEST_DOMAIN);
 }
diff --git a/src/gns/test_gns_simple_lookup.conf b/src/gns/test_gns_simple_lookup.conf
index 9a32fe561..fec6b68d2 100644
--- a/src/gns/test_gns_simple_lookup.conf
+++ b/src/gns/test_gns_simple_lookup.conf
@@ -76,6 +76,10 @@ DNS_EXIT = 8.8.8.8
 AUTOSTART = YES
 BINARY = gnunet-service-gns
 ZONEKEY = $SERVICEHOME/.hostkey
+PRIVATE_ZONE = private
+PRIVATE_ZONEKEY = $SERVICEHOME/gns/zonekey_priv.zkey
+SHORTEN_ZONE = short
+SHORTEN_ZONEKEY = $SERVICEHOME/gns/zonekey_short.zkey
 #ZONEKEY =  $SERVICEHOME/gns/zonekey.zkey
 HIJACK_DNS = NO
 UNIXPATH = /tmp/gnunet-service-gns.sock
diff --git a/src/gns/test_gns_simple_mx_lookup.c b/src/gns/test_gns_simple_mx_lookup.c
index 57531c4eb..c6ec1d684 100644
--- a/src/gns/test_gns_simple_mx_lookup.c
+++ b/src/gns/test_gns_simple_mx_lookup.c
@@ -182,6 +182,7 @@ commence_testing (void *cls, int32_t success, const char *emsg)
  GNUNET_GNS_lookup(gns_handle, TEST_DOMAIN, GNUNET_GNS_RECORD_MX,
                    GNUNET_NO,
+                    NULL,
                    &on_lookup_result, TEST_DOMAIN);
 }
diff --git a/src/gns/test_gns_simple_zkey_lookup.c b/src/gns/test_gns_simple_zkey_lookup.c
index 66bca0917..b6d02cf3f 100644
--- a/src/gns/test_gns_simple_zkey_lookup.c
+++ b/src/gns/test_gns_simple_zkey_lookup.c
@@ -169,6 +169,7 @@ commence_testing (void *cls, int32_t success, const char *emsg)
  GNUNET_GNS_lookup(gns_handle, name, GNUNET_GNS_RECORD_TYPE_A,
                    GNUNET_NO,
+                    NULL,
                    &on_lookup_result, NULL);
 }
author	Martin Schanzenbach <mschanzenbach@posteo.de>	2012-06-13 17:36:47 +0000
committer	Martin Schanzenbach <mschanzenbach@posteo.de>	2012-06-13 17:36:47 +0000
commit	1f5326cd1032cbcc914c7809df1a64994eeebbe9 (patch)
tree	bd04389845d0b3096d98e3e97033040486108830 /src/gns
parent	a8c5598ba43fcd61a5a340f14a3bab1613adbe7c (diff)
download	gnunet-1f5326cd1032cbcc914c7809df1a64994eeebbe9.tar.gz gnunet-1f5326cd1032cbcc914c7809df1a64994eeebbe9.zip