- update issue handling, fix memleaks

author: Martin Schanzenbach <mschanzenbach@posteo.de> 2016-01-10 09:55:48 +0000
committer: Martin Schanzenbach <mschanzenbach@posteo.de> 2016-01-10 09:55:48 +0000
commit: 49a09a064af8cd6bbce568263e1b5152a0996fc9 (patch)
tree: b9fcb737c311a43fd328e2ddf942d8642625c9b9 /src/identity-provider/gnunet-service-identity-provider.c
parent: 3014465481e5c883ba1ab41cd4ff70a428e27b24 (diff)
download: gnunet-49a09a064af8cd6bbce568263e1b5152a0996fc9.tar.gz
gnunet-49a09a064af8cd6bbce568263e1b5152a0996fc9.zip
1 files changed, 154 insertions, 36 deletions
diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c
index 10ecf9538..a8a8b7f16 100644
--- a/src/identity-provider/gnunet-service-identity-provider.c
+++ b/src/identity-provider/gnunet-service-identity-provider.c
@@ -255,6 +255,11 @@ struct IssueHandle
   * QueueEntry
   */
  struct GNUNET_NAMESTORE_QueueEntry *ns_qe;
+  /**
+   * The label the token is stored under
+   */
+  char *label;
 };
 /**
@@ -327,7 +332,6 @@ handle_token_update (void *cls,
  char *token_metadata;
  char *write_ptr;
  char *enc_token_str;
-  char *val_str;
  const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key;
  struct GNUNET_CRYPTO_EcdsaPublicKey pub_key;
  struct GNUNET_CRYPTO_EcdhePrivateKey *new_ecdhe_privkey;
@@ -402,21 +406,15 @@ handle_token_update (void *cls,
  {
    if (0 == strcmp (attr->name, "exp"))
    {
-      GNUNET_asprintf (&val_str, "%ul", new_exp.abs_value_us);
+      token_add_attr_int (new_token, attr->name, new_exp.abs_value_us);
-      token_add_attr (new_token, attr->name, val_str);
-      GNUNET_free (val_str);
    }
    else if (0 == strcmp (attr->name, "nbf"))
    {
-      GNUNET_asprintf (&val_str, "%ul", new_nbf.abs_value_us);
+      token_add_attr_int (new_token, attr->name, new_nbf.abs_value_us);
-      token_add_attr (new_token, attr->name, val_str);
-      GNUNET_free (val_str);
    }
    else if (0 == strcmp (attr->name, "iat"))
    {
-      GNUNET_asprintf (&val_str, "%ul", new_iat.abs_value_us);
+      token_add_attr_int (new_token, attr->name, new_iat.abs_value_us);
-      token_add_attr (new_token, attr->name, val_str);
-      GNUNET_free (val_str);
    }
    else if ((0 == strcmp (attr->name, "iss"))
             || (0 == strcmp (attr->name, "aud")))
@@ -534,7 +532,6 @@ clear_ego_attrs (void *cls,
  return GNUNET_YES;
 }
 /**
 *
 * Update all ID_TOKEN records for an identity and store them
@@ -913,9 +910,11 @@ cleanup_issue_handle (struct IssueHandle *handle)
  if (NULL != handle->scopes)
    GNUNET_free (handle->scopes);
  if (NULL != handle->token)
-    token_destroy (handle->token);
+   token_destroy (handle->token);
  if (NULL != handle->ticket)
    ticket_destroy (handle->ticket);
+  if (NULL != handle->label)
+    GNUNET_free (handle->label);
  GNUNET_free (handle);
 }
@@ -974,15 +973,12 @@ sign_and_return_token (void *cls,
  struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey;
  struct IssueHandle *handle = cls;
  struct GNUNET_GNSRECORD_Data token_record[2];
-  char *lbl_str;
  char *nonce_str;
  char *enc_token_str;
  char *token_metadata;
  char* write_ptr;
-  char* attr_val;
  uint64_t time;
  uint64_t exp_time;
-  uint64_t rnd_key;
  size_t token_metadata_len;
  //Remote nonce 
@@ -990,29 +986,19 @@ sign_and_return_token (void *cls,
  GNUNET_asprintf (&nonce_str, "%d", handle->nonce);
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Request nonce: %s\n", nonce_str);
-  //Label
-  rnd_key = GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_STRONG,
-                                      UINT64_MAX);
-  GNUNET_STRINGS_base64_encode ((char*)&rnd_key,
-                                sizeof (uint64_t),
-                                &lbl_str);
  GNUNET_CRYPTO_ecdsa_key_get_public (&handle->iss_key,
                                      &pub_key);
  handle->ticket = ticket_create (nonce_str,
                                  &pub_key,
-                                  lbl_str,
+                                  handle->label,
                                  &handle->aud_key);
  time = GNUNET_TIME_absolute_get().abs_value_us;
  exp_time = time + token_expiration_interval.rel_value_us;
-  GNUNET_asprintf (&attr_val, "%ul", time);
+  token_add_attr_int (handle->token, "nbf", time);
-  token_add_attr (handle->token, "nbf", attr_val);
+  token_add_attr_int (handle->token, "iat", time);
-  token_add_attr (handle->token, "iat", attr_val);
+  token_add_attr_int (handle->token, "exp", exp_time);
-  GNUNET_free (attr_val);
-  GNUNET_asprintf (&attr_val, "%ul", exp_time);
-  token_add_attr (handle->token, "exp", attr_val);
-  GNUNET_free (attr_val);
  token_add_attr (handle->token, "nonce", nonce_str);
  //Token in a serialized encrypted format 
@@ -1049,13 +1035,12 @@ sign_and_return_token (void *cls,
  //Persist token
  handle->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle,
                                                  &handle->iss_key,
-                                                  lbl_str,
+                                                  handle->label,
                                                  2,
                                                  token_record,
                                                  &store_token_issue_cont,
                                                  handle);
  GNUNET_free (ecdhe_privkey);
-  GNUNET_free (lbl_str);
  GNUNET_free (nonce_str);
  GNUNET_free (enc_token_str);
  GNUNET_free (token_metadata);
@@ -1195,6 +1180,8 @@ process_lookup_result (void *cls, uint32_t rd_count,
 }
 /**
 *
 * Handler for exchange message
@@ -1258,6 +1245,137 @@ handle_exchange_message (void *cls,
 }
+/**
+ *
+ * Look for existing token
+ *
+ * @param cls the identity entry
+ * @param zone the identity
+ * @param lbl the name of the record
+ * @param rd_count number of records
+ * @param rd record data
+ *
+ */
+static void
+find_existing_token (void *cls,
+                     const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+                     const char *lbl,
+                     unsigned int rd_count,
+                     const struct GNUNET_GNSRECORD_Data *rd)
+{
+  struct IssueHandle *handle = cls;
+  const struct GNUNET_GNSRECORD_Data *token_metadata_record;
+  struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key;
+  struct GNUNET_HashCode key;
+  int scope_count_token;
+  uint64_t rnd_key;
+  char *scope;
+  char *tmp_scopes;
+  if (NULL == lbl)
+  {
+    //Done
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                ">>> No existing token found\n");
+    //Label
+    rnd_key = 
+      GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_STRONG,
+                                UINT64_MAX);
+    GNUNET_STRINGS_base64_encode ((char*)&rnd_key,
+                                  sizeof (uint64_t),
+                                  &handle->label);
+    handle->ns_it = NULL;
+    handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle,
+                                                           &handle->iss_key,
+                                                           &attr_collect,
+                                                           handle);
+    return; 
+  }
+  //There should be only a single record for a token under a label
+  if (2 != rd_count)
+  {
+    GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it);
+    return;
+  }
+  if (rd[0].record_type == GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA)
+  {
+    token_metadata_record = &rd[0];
+  } else {
+    token_metadata_record = &rd[1];
+  }
+  if (token_metadata_record->record_type != GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA)
+  {
+    GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it);
+    return;
+  }
+  ecdhe_privkey = *((struct GNUNET_CRYPTO_EcdhePrivateKey *)token_metadata_record->data);
+  aud_key = 
+    (struct GNUNET_CRYPTO_EcdsaPublicKey *)(token_metadata_record->data+sizeof(struct GNUNET_CRYPTO_EcdhePrivateKey));
+  tmp_scopes = GNUNET_strdup ((char*) aud_key+sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
+  if (0 != memcmp (aud_key, &handle->aud_key,
+                   sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)))
+  {
+    char *tmp2 = GNUNET_STRINGS_data_to_string_alloc (aud_key,
+                                                    sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
+    //Audience does not match!
+    char *tmp = GNUNET_GNSRECORD_value_to_string (GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA,
+                                                                     token_metadata_record->data,
+                                                                     token_metadata_record->data_size);
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Token does not match audience %s vs %s. Moving on\n",
+                tmp2,
+                tmp);
+    GNUNET_free (tmp_scopes);
+    GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it);
+    return;
+  }
+  scope = strtok (tmp_scopes, ",");
+  scope_count_token = 0;
+  while (NULL != scope)
+  {
+    GNUNET_CRYPTO_hash (scope,
+                        strlen (scope),
+                        &key);
+    if ((NULL != handle->attr_map) &&
+        (GNUNET_YES != GNUNET_CONTAINER_multihashmap_contains (handle->attr_map, &key)))
+    {
+      GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                  "Issued token does not include `%s'. Moving on\n", scope);
+      GNUNET_free (tmp_scopes);
+      GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it);
+      return;
+    }
+    scope_count_token++;
+    scope = strtok (NULL, ",");
+  }
+  GNUNET_free (tmp_scopes);
+  //All scopes in token are also in request. Now
+  //Check length
+  if (GNUNET_CONTAINER_multihashmap_size (handle->attr_map) == scope_count_token)
+  {
+    //We have an existing token
+    handle->label = GNUNET_strdup (lbl);
+    handle->ns_it = NULL;
+    handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle,
+                                                           &handle->iss_key,
+                                                           &attr_collect,
+                                                           handle);
+    return;
+  }
+  GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+              "Nuber of attributes in token do not match request\n");
+  //No luck
+  GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it);
+}
 /**
 *
 * Handler for issue message
@@ -1311,21 +1429,21 @@ handle_issue_message (void *cls,
  issue_handle->aud_key = im->aud_key;
  issue_handle->iss_key = im->iss_key;
+  GNUNET_CRYPTO_ecdsa_key_get_public (&im->iss_key,
+                                      &issue_handle->iss_pkey);
  issue_handle->expiration = GNUNET_TIME_absolute_ntoh (im->expiration);
-  issue_handle->nonce = im->nonce;
+  issue_handle->nonce = ntohl (im->nonce);
  GNUNET_SERVER_receive_done (client, GNUNET_OK);
  GNUNET_SERVER_notification_context_add (nc, client);
  GNUNET_SERVER_client_set_user_context (client, issue_handle);
  issue_handle->client = client;
  issue_handle->scopes = GNUNET_strdup (scopes);
-  GNUNET_CRYPTO_ecdsa_key_get_public (&im->iss_key,
-                                      &issue_handle->iss_pkey);
  issue_handle->token = token_create (&issue_handle->iss_pkey,
-                                      &im->aud_key);
+                                      &issue_handle->aud_key);
  issue_handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle,
                                                               &im->iss_key,
-                                                               &attr_collect,
+                                                               &find_existing_token,
                                                               issue_handle);
 }
author	Martin Schanzenbach <mschanzenbach@posteo.de>	2016-01-10 09:55:48 +0000
committer	Martin Schanzenbach <mschanzenbach@posteo.de>	2016-01-10 09:55:48 +0000
commit	49a09a064af8cd6bbce568263e1b5152a0996fc9 (patch)
tree	b9fcb737c311a43fd328e2ddf942d8642625c9b9 /src/identity-provider/gnunet-service-identity-provider.c
parent	3014465481e5c883ba1ab41cd4ff70a428e27b24 (diff)
download	gnunet-49a09a064af8cd6bbce568263e1b5152a0996fc9.tar.gz gnunet-49a09a064af8cd6bbce568263e1b5152a0996fc9.zip

diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index 10ecf9538..a8a8b7f16 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c
@@ -255,6 +255,11 @@ struct IssueHandle
255	* QueueEntry	255	* QueueEntry
256	*/	256	*/
257	struct GNUNET_NAMESTORE_QueueEntry *ns_qe;	257	struct GNUNET_NAMESTORE_QueueEntry *ns_qe;
		258
		259	/**
		260	* The label the token is stored under
		261	*/
		262	char *label;
258	};	263	};
259		264
260	/**	265	/**
@@ -327,7 +332,6 @@ handle_token_update (void *cls,
327	char *token_metadata;	332	char *token_metadata;
328	char *write_ptr;	333	char *write_ptr;
329	char *enc_token_str;	334	char *enc_token_str;
330	char *val_str;
331	const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key;	335	const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key;
332	struct GNUNET_CRYPTO_EcdsaPublicKey pub_key;	336	struct GNUNET_CRYPTO_EcdsaPublicKey pub_key;
333	struct GNUNET_CRYPTO_EcdhePrivateKey *new_ecdhe_privkey;	337	struct GNUNET_CRYPTO_EcdhePrivateKey *new_ecdhe_privkey;
@@ -402,21 +406,15 @@ handle_token_update (void *cls,
402	{	406	{
403	if (0 == strcmp (attr->name, "exp"))	407	if (0 == strcmp (attr->name, "exp"))
404	{	408	{
405	GNUNET_asprintf (&val_str, "%ul", new_exp.abs_value_us);	409	token_add_attr_int (new_token, attr->name, new_exp.abs_value_us);
406	token_add_attr (new_token, attr->name, val_str);
407	GNUNET_free (val_str);
408	}	410	}
409	else if (0 == strcmp (attr->name, "nbf"))	411	else if (0 == strcmp (attr->name, "nbf"))
410	{	412	{
411	GNUNET_asprintf (&val_str, "%ul", new_nbf.abs_value_us);	413	token_add_attr_int (new_token, attr->name, new_nbf.abs_value_us);
412	token_add_attr (new_token, attr->name, val_str);
413	GNUNET_free (val_str);
414	}	414	}
415	else if (0 == strcmp (attr->name, "iat"))	415	else if (0 == strcmp (attr->name, "iat"))
416	{	416	{
417	GNUNET_asprintf (&val_str, "%ul", new_iat.abs_value_us);	417	token_add_attr_int (new_token, attr->name, new_iat.abs_value_us);
418	token_add_attr (new_token, attr->name, val_str);
419	GNUNET_free (val_str);
420	}	418	}
421	else if ((0 == strcmp (attr->name, "iss"))	419	else if ((0 == strcmp (attr->name, "iss"))
422	\|\| (0 == strcmp (attr->name, "aud")))	420	\|\| (0 == strcmp (attr->name, "aud")))
@@ -534,7 +532,6 @@ clear_ego_attrs (void *cls,
534	return GNUNET_YES;	532	return GNUNET_YES;
535	}	533	}
536		534
537
538	/**	535	/**
539	*	536	*
540	* Update all ID_TOKEN records for an identity and store them	537	* Update all ID_TOKEN records for an identity and store them
@@ -913,9 +910,11 @@ cleanup_issue_handle (struct IssueHandle *handle)
913	if (NULL != handle->scopes)	910	if (NULL != handle->scopes)
914	GNUNET_free (handle->scopes);	911	GNUNET_free (handle->scopes);
915	if (NULL != handle->token)	912	if (NULL != handle->token)
916	token_destroy (handle->token);	913	token_destroy (handle->token);
917	if (NULL != handle->ticket)	914	if (NULL != handle->ticket)
918	ticket_destroy (handle->ticket);	915	ticket_destroy (handle->ticket);
		916	if (NULL != handle->label)
		917	GNUNET_free (handle->label);
919	GNUNET_free (handle);	918	GNUNET_free (handle);
920	}	919	}
921		920
@@ -974,15 +973,12 @@ sign_and_return_token (void *cls,
974	struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey;	973	struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey;
975	struct IssueHandle *handle = cls;	974	struct IssueHandle *handle = cls;
976	struct GNUNET_GNSRECORD_Data token_record[2];	975	struct GNUNET_GNSRECORD_Data token_record[2];
977	char *lbl_str;
978	char *nonce_str;	976	char *nonce_str;
979	char *enc_token_str;	977	char *enc_token_str;
980	char *token_metadata;	978	char *token_metadata;
981	char* write_ptr;	979	char* write_ptr;
982	char* attr_val;
983	uint64_t time;	980	uint64_t time;
984	uint64_t exp_time;	981	uint64_t exp_time;
985	uint64_t rnd_key;
986	size_t token_metadata_len;	982	size_t token_metadata_len;
987		983
988	//Remote nonce	984	//Remote nonce
@@ -990,29 +986,19 @@ sign_and_return_token (void *cls,
990	GNUNET_asprintf (&nonce_str, "%d", handle->nonce);	986	GNUNET_asprintf (&nonce_str, "%d", handle->nonce);
991	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Request nonce: %s\n", nonce_str);	987	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Request nonce: %s\n", nonce_str);
992		988
993	//Label
994	rnd_key = GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_STRONG,
995	UINT64_MAX);
996	GNUNET_STRINGS_base64_encode ((char*)&rnd_key,
997	sizeof (uint64_t),
998	&lbl_str);
999	GNUNET_CRYPTO_ecdsa_key_get_public (&handle->iss_key,	989	GNUNET_CRYPTO_ecdsa_key_get_public (&handle->iss_key,
1000	&pub_key);	990	&pub_key);
1001	handle->ticket = ticket_create (nonce_str,	991	handle->ticket = ticket_create (nonce_str,
1002	&pub_key,	992	&pub_key,
1003	lbl_str,	993	handle->label,
1004	&handle->aud_key);	994	&handle->aud_key);
1005		995
1006	time = GNUNET_TIME_absolute_get().abs_value_us;	996	time = GNUNET_TIME_absolute_get().abs_value_us;
1007	exp_time = time + token_expiration_interval.rel_value_us;	997	exp_time = time + token_expiration_interval.rel_value_us;
1008		998
1009	GNUNET_asprintf (&attr_val, "%ul", time);	999	token_add_attr_int (handle->token, "nbf", time);
1010	token_add_attr (handle->token, "nbf", attr_val);	1000	token_add_attr_int (handle->token, "iat", time);
1011	token_add_attr (handle->token, "iat", attr_val);	1001	token_add_attr_int (handle->token, "exp", exp_time);
1012	GNUNET_free (attr_val);
1013	GNUNET_asprintf (&attr_val, "%ul", exp_time);
1014	token_add_attr (handle->token, "exp", attr_val);
1015	GNUNET_free (attr_val);
1016	token_add_attr (handle->token, "nonce", nonce_str);	1002	token_add_attr (handle->token, "nonce", nonce_str);
1017		1003
1018	//Token in a serialized encrypted format	1004	//Token in a serialized encrypted format
@@ -1049,13 +1035,12 @@ sign_and_return_token (void *cls,
1049	//Persist token	1035	//Persist token
1050	handle->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle,	1036	handle->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle,
1051	&handle->iss_key,	1037	&handle->iss_key,
1052	lbl_str,	1038	handle->label,
1053	2,	1039	2,
1054	token_record,	1040	token_record,
1055	&store_token_issue_cont,	1041	&store_token_issue_cont,
1056	handle);	1042	handle);
1057	GNUNET_free (ecdhe_privkey);	1043	GNUNET_free (ecdhe_privkey);
1058	GNUNET_free (lbl_str);
1059	GNUNET_free (nonce_str);	1044	GNUNET_free (nonce_str);
1060	GNUNET_free (enc_token_str);	1045	GNUNET_free (enc_token_str);
1061	GNUNET_free (token_metadata);	1046	GNUNET_free (token_metadata);
@@ -1195,6 +1180,8 @@ process_lookup_result (void *cls, uint32_t rd_count,
1195		1180
1196	}	1181	}
1197		1182
		1183
		1184
1198	/**	1185	/**
1199	*	1186	*
1200	* Handler for exchange message	1187	* Handler for exchange message
@@ -1258,6 +1245,137 @@ handle_exchange_message (void *cls,
1258		1245
1259	}	1246	}
1260		1247
		1248
		1249	/**
		1250	*
		1251	* Look for existing token
		1252	*
		1253	* @param cls the identity entry
		1254	* @param zone the identity
		1255	* @param lbl the name of the record
		1256	* @param rd_count number of records
		1257	* @param rd record data
		1258	*
		1259	*/
		1260	static void
		1261	find_existing_token (void *cls,
		1262	const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
		1263	const char *lbl,
		1264	unsigned int rd_count,
		1265	const struct GNUNET_GNSRECORD_Data *rd)
		1266	{
		1267	struct IssueHandle *handle = cls;
		1268	const struct GNUNET_GNSRECORD_Data *token_metadata_record;
		1269	struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key;
		1270	struct GNUNET_HashCode key;
		1271	int scope_count_token;
		1272	uint64_t rnd_key;
		1273	char *scope;
		1274	char *tmp_scopes;
		1275
		1276	if (NULL == lbl)
		1277	{
		1278	//Done
		1279	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
		1280	">>> No existing token found\n");
		1281	//Label
		1282	rnd_key =
		1283	GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_STRONG,
		1284	UINT64_MAX);
		1285	GNUNET_STRINGS_base64_encode ((char*)&rnd_key,
		1286	sizeof (uint64_t),
		1287	&handle->label);
		1288	handle->ns_it = NULL;
		1289	handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle,
		1290	&handle->iss_key,
		1291	&attr_collect,
		1292	handle);
		1293	return;
		1294	}
		1295
		1296	//There should be only a single record for a token under a label
		1297	if (2 != rd_count)
		1298	{
		1299	GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it);
		1300	return;
		1301	}
		1302
		1303	if (rd[0].record_type == GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA)
		1304	{
		1305	token_metadata_record = &rd[0];
		1306	} else {
		1307	token_metadata_record = &rd[1];
		1308	}
		1309	if (token_metadata_record->record_type != GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA)
		1310	{
		1311	GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it);
		1312	return;
		1313	}
		1314	ecdhe_privkey = ((struct GNUNET_CRYPTO_EcdhePrivateKey )token_metadata_record->data);
		1315	aud_key =
		1316	(struct GNUNET_CRYPTO_EcdsaPublicKey *)(token_metadata_record->data+sizeof(struct GNUNET_CRYPTO_EcdhePrivateKey));
		1317	tmp_scopes = GNUNET_strdup ((char*) aud_key+sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
		1318
		1319	if (0 != memcmp (aud_key, &handle->aud_key,
		1320	sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)))
		1321	{
		1322	char *tmp2 = GNUNET_STRINGS_data_to_string_alloc (aud_key,
		1323	sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
		1324	//Audience does not match!
		1325	char *tmp = GNUNET_GNSRECORD_value_to_string (GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA,
		1326	token_metadata_record->data,
		1327	token_metadata_record->data_size);
		1328	GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
		1329	"Token does not match audience %s vs %s. Moving on\n",
		1330	tmp2,
		1331	tmp);
		1332	GNUNET_free (tmp_scopes);
		1333	GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it);
		1334	return;
		1335	}
		1336
		1337	scope = strtok (tmp_scopes, ",");
		1338	scope_count_token = 0;
		1339	while (NULL != scope)
		1340	{
		1341	GNUNET_CRYPTO_hash (scope,
		1342	strlen (scope),
		1343	&key);
		1344
		1345	if ((NULL != handle->attr_map) &&
		1346	(GNUNET_YES != GNUNET_CONTAINER_multihashmap_contains (handle->attr_map, &key)))
		1347	{
		1348	GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
		1349	"Issued token does not include `%s'. Moving on\n", scope);
		1350	GNUNET_free (tmp_scopes);
		1351	GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it);
		1352	return;
		1353	}
		1354	scope_count_token++;
		1355	scope = strtok (NULL, ",");
		1356	}
		1357	GNUNET_free (tmp_scopes);
		1358	//All scopes in token are also in request. Now
		1359	//Check length
		1360	if (GNUNET_CONTAINER_multihashmap_size (handle->attr_map) == scope_count_token)
		1361	{
		1362	//We have an existing token
		1363	handle->label = GNUNET_strdup (lbl);
		1364	handle->ns_it = NULL;
		1365	handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle,
		1366	&handle->iss_key,
		1367	&attr_collect,
		1368	handle);
		1369
		1370	return;
		1371	}
		1372	GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
		1373	"Nuber of attributes in token do not match request\n");
		1374	//No luck
		1375	GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it);
		1376	}
		1377
		1378
1261	/**	1379	/**
1262	*	1380	*
1263	* Handler for issue message	1381	* Handler for issue message
@@ -1311,21 +1429,21 @@ handle_issue_message (void *cls,
1311		1429
1312	issue_handle->aud_key = im->aud_key;	1430	issue_handle->aud_key = im->aud_key;
1313	issue_handle->iss_key = im->iss_key;	1431	issue_handle->iss_key = im->iss_key;
		1432	GNUNET_CRYPTO_ecdsa_key_get_public (&im->iss_key,
		1433	&issue_handle->iss_pkey);
1314	issue_handle->expiration = GNUNET_TIME_absolute_ntoh (im->expiration);	1434	issue_handle->expiration = GNUNET_TIME_absolute_ntoh (im->expiration);
1315	issue_handle->nonce = im->nonce;	1435	issue_handle->nonce = ntohl (im->nonce);
1316	GNUNET_SERVER_receive_done (client, GNUNET_OK);	1436	GNUNET_SERVER_receive_done (client, GNUNET_OK);
1317	GNUNET_SERVER_notification_context_add (nc, client);	1437	GNUNET_SERVER_notification_context_add (nc, client);
1318	GNUNET_SERVER_client_set_user_context (client, issue_handle);	1438	GNUNET_SERVER_client_set_user_context (client, issue_handle);
1319	issue_handle->client = client;	1439	issue_handle->client = client;
1320	issue_handle->scopes = GNUNET_strdup (scopes);	1440	issue_handle->scopes = GNUNET_strdup (scopes);
1321	GNUNET_CRYPTO_ecdsa_key_get_public (&im->iss_key,
1322	&issue_handle->iss_pkey);
1323	issue_handle->token = token_create (&issue_handle->iss_pkey,	1441	issue_handle->token = token_create (&issue_handle->iss_pkey,
1324	&im->aud_key);	1442	&issue_handle->aud_key);
1325		1443
1326	issue_handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle,	1444	issue_handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle,
1327	&im->iss_key,	1445	&im->iss_key,
1328	&attr_collect,	1446	&find_existing_token,
1329	issue_handle);	1447	issue_handle);
1330	}	1448	}
1331		1449