-fix idp

author: Schanzenbach, Martin <mschanzenbach@posteo.de> 2017-05-30 13:50:07 +0200
committer: Schanzenbach, Martin <mschanzenbach@posteo.de> 2017-05-30 13:50:07 +0200
commit: 5747257471e9b66208836799bced6df3d32c50f4 (patch)
tree: 1a29764f836e30dfce86393a4e8e09032302dab6 /src/identity-provider/gnunet-service-identity-provider.c
parent: dfe45df6f05c770db78922dc352c4d88de15e56e (diff)
download: gnunet-5747257471e9b66208836799bced6df3d32c50f4.tar.gz
gnunet-5747257471e9b66208836799bced6df3d32c50f4.zip
1 files changed, 15 insertions, 158 deletions
diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c
index f9e06fef9..f4ea352d4 100644
--- a/src/identity-provider/gnunet-service-identity-provider.c
+++ b/src/identity-provider/gnunet-service-identity-provider.c
@@ -1015,6 +1015,10 @@ cleanup_issue_handle (struct IssueHandle *handle)
    ticket_destroy (handle->ticket);
  if (NULL != handle->label)
    GNUNET_free (handle->label);
+  if (NULL != handle->ns_it)
+    GNUNET_NAMESTORE_zone_iteration_stop (handle->ns_it);
+  if (NULL != handle->credential_request)
+    GNUNET_CREDENTIAL_request_cancel (handle->credential_request);
  GNUNET_free (handle);
 }
@@ -1484,160 +1488,6 @@ handle_exchange_message (void *cls,
 }
-static void
-find_existing_token_error (void *cls)
-{
-  struct IssueHandle *handle = cls;
-  cleanup_issue_handle (handle);
-  GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Error looking for existing token\n");
-  GNUNET_SCHEDULER_add_now (&do_shutdown, NULL);
-}
-static void
-find_existing_token_finished (void *cls)
-{
-  struct IssueHandle *handle = cls;
-  uint64_t rnd_key;
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              ">>> No existing token found\n");
-  rnd_key =
-    GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_STRONG,
-                              UINT64_MAX);
-  GNUNET_STRINGS_base64_encode ((char*)&rnd_key,
-                                sizeof (uint64_t),
-                                &handle->label);
-  handle->ns_it = NULL;
-  handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle,
-                                                         &handle->iss_key,
-                                                         &attr_collect_error,
-                                                         handle,
-                                                         &attr_collect,
-                                                         handle,
-                                                         &attr_collect_finished,
-                                                         handle);
-}
-/**
- *
- * Look for existing token
- *
- * @param cls the identity entry
- * @param zone the identity
- * @param lbl the name of the record
- * @param rd_count number of records
- * @param rd record data
- *
- */
-static void
-find_existing_token (void *cls,
-                     const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
-                     const char *lbl,
-                     unsigned int rd_count,
-                     const struct GNUNET_GNSRECORD_Data *rd)
-{
-  struct IssueHandle *handle = cls;
-  const struct GNUNET_GNSRECORD_Data *token_metadata_record;
-  struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key;
-  struct GNUNET_HashCode key;
-  int scope_count_token;
-  char *scope;
-  char *tmp_scopes;
-  //There should be only a single record for a token under a label
-  if (2 != rd_count)
-  {
-    GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it);
-    return;
-  }
-  if (rd[0].record_type == GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA)
-  {
-    token_metadata_record = &rd[0];
-  }
-  else
-  {
-    token_metadata_record = &rd[1];
-  }
-  if (token_metadata_record->record_type != GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA)
-  {
-    GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it);
-    return;
-  }
-  ecdhe_privkey = *((struct GNUNET_CRYPTO_EcdhePrivateKey *)token_metadata_record->data);
-  aud_key =
-    (struct GNUNET_CRYPTO_EcdsaPublicKey *)(token_metadata_record->data+sizeof(struct GNUNET_CRYPTO_EcdhePrivateKey));
-  tmp_scopes = GNUNET_strdup ((char*) aud_key+sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
-  if (0 != memcmp (aud_key, &handle->aud_key,
-                   sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)))
-  {
-    char *tmp2 = GNUNET_STRINGS_data_to_string_alloc (aud_key,
-                                                      sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
-    //Audience does not match!
-    char *tmp = GNUNET_GNSRECORD_value_to_string (GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA,
-                                                  token_metadata_record->data,
-                                                  token_metadata_record->data_size);
-    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                "Token does not match audience %s vs %s. Moving on\n",
-                tmp2,
-                tmp);
-    GNUNET_free (tmp_scopes);
-    GNUNET_free (tmp2);
-    GNUNET_free (tmp);
-    GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it);
-    return;
-  }
-  scope = strtok (tmp_scopes, ",");
-  scope_count_token = 0;
-  while (NULL != scope)
-  {
-    GNUNET_CRYPTO_hash (scope,
-                        strlen (scope),
-                        &key);
-    if ((NULL != handle->attr_map) &&
-        (GNUNET_YES != GNUNET_CONTAINER_multihashmap_contains (handle->attr_map, &key)))
-    {
-      GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                  "Issued token does not include `%s'. Moving on\n", scope);
-      GNUNET_free (tmp_scopes);
-      GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it);
-      return;
-    }
-    scope_count_token++;
-    scope = strtok (NULL, ",");
-  }
-  GNUNET_free (tmp_scopes);
-  //All scopes in token are also in request. Now
-  //Check length
-  if ((NULL != handle->attr_map) &&
-      (GNUNET_CONTAINER_multihashmap_size (handle->attr_map) == scope_count_token))
-  {
-    //We have an existing token
-    handle->label = GNUNET_strdup (lbl);
-    handle->ns_it = NULL;
-    handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle,
-                                                           &handle->iss_key,
-                                                           &attr_collect_error,
-                                                           handle,
-                                                           &attr_collect,
-                                                           handle,
-                                                           &attr_collect_finished,
-                                                           handle);
-    return;
-  }
-  GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-              "Nuber of attributes in token do not match request\n");
-  //No luck
-  GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it);
-}
 /**
 * Checks an issue message
 *
@@ -1684,6 +1534,7 @@ handle_issue_message (void *cls,
  char *scopes_tmp;
  char *scope;
  const char *v_attrs;
+  uint64_t rnd_key;
  struct GNUNET_HashCode key;
  struct IssueHandle *issue_handle;
  struct VerifiedAttributeEntry *vattr_entry;
@@ -1733,14 +1584,20 @@ handle_issue_message (void *cls,
  issue_handle->scopes = GNUNET_strdup (scopes);
  issue_handle->token = token_create (&issue_handle->iss_pkey,
                                      &issue_handle->aud_key);
+  rnd_key =
+    GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_STRONG,
+                              UINT64_MAX);
+  GNUNET_STRINGS_base64_encode ((char*)&rnd_key,
+                                sizeof (uint64_t),
+                                &issue_handle->label);
  issue_handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle,
-                                                               &im->iss_key,
+                                                               &issue_handle->iss_key,
-                                                               &find_existing_token_error,
+                                                               &attr_collect_error,
                                                               issue_handle,
-                                                               &find_existing_token,
+                                                               &attr_collect,
                                                               issue_handle,
-                                                               &find_existing_token_finished,
+                                                               &attr_collect_finished,
                                                               issue_handle);
 }
author	Schanzenbach, Martin <mschanzenbach@posteo.de>	2017-05-30 13:50:07 +0200
committer	Schanzenbach, Martin <mschanzenbach@posteo.de>	2017-05-30 13:50:07 +0200
commit	5747257471e9b66208836799bced6df3d32c50f4 (patch)
tree	1a29764f836e30dfce86393a4e8e09032302dab6 /src/identity-provider/gnunet-service-identity-provider.c
parent	dfe45df6f05c770db78922dc352c4d88de15e56e (diff)
download	gnunet-5747257471e9b66208836799bced6df3d32c50f4.tar.gz gnunet-5747257471e9b66208836799bced6df3d32c50f4.zip

diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index f9e06fef9..f4ea352d4 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c
@@ -1015,6 +1015,10 @@ cleanup_issue_handle (struct IssueHandle *handle)
1015	ticket_destroy (handle->ticket);	1015	ticket_destroy (handle->ticket);
1016	if (NULL != handle->label)	1016	if (NULL != handle->label)
1017	GNUNET_free (handle->label);	1017	GNUNET_free (handle->label);
		1018	if (NULL != handle->ns_it)
		1019	GNUNET_NAMESTORE_zone_iteration_stop (handle->ns_it);
		1020	if (NULL != handle->credential_request)
		1021	GNUNET_CREDENTIAL_request_cancel (handle->credential_request);
1018	GNUNET_free (handle);	1022	GNUNET_free (handle);
1019	}	1023	}
1020		1024
@@ -1484,160 +1488,6 @@ handle_exchange_message (void *cls,
1484		1488
1485	}	1489	}
1486		1490
1487
1488	static void
1489	find_existing_token_error (void *cls)
1490	{
1491	struct IssueHandle *handle = cls;
1492	cleanup_issue_handle (handle);
1493	GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Error looking for existing token\n");
1494	GNUNET_SCHEDULER_add_now (&do_shutdown, NULL);
1495	}
1496
1497
1498	static void
1499	find_existing_token_finished (void *cls)
1500	{
1501	struct IssueHandle *handle = cls;
1502	uint64_t rnd_key;
1503
1504	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1505	">>> No existing token found\n");
1506	rnd_key =
1507	GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_STRONG,
1508	UINT64_MAX);
1509	GNUNET_STRINGS_base64_encode ((char*)&rnd_key,
1510	sizeof (uint64_t),
1511	&handle->label);
1512	handle->ns_it = NULL;
1513	handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle,
1514	&handle->iss_key,
1515	&attr_collect_error,
1516	handle,
1517	&attr_collect,
1518	handle,
1519	&attr_collect_finished,
1520	handle);
1521	}
1522
1523
1524	/**
1525	*
1526	* Look for existing token
1527	*
1528	* @param cls the identity entry
1529	* @param zone the identity
1530	* @param lbl the name of the record
1531	* @param rd_count number of records
1532	* @param rd record data
1533	*
1534	*/
1535	static void
1536	find_existing_token (void *cls,
1537	const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
1538	const char *lbl,
1539	unsigned int rd_count,
1540	const struct GNUNET_GNSRECORD_Data *rd)
1541	{
1542	struct IssueHandle *handle = cls;
1543	const struct GNUNET_GNSRECORD_Data *token_metadata_record;
1544	struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key;
1545	struct GNUNET_HashCode key;
1546	int scope_count_token;
1547	char *scope;
1548	char *tmp_scopes;
1549
1550	//There should be only a single record for a token under a label
1551	if (2 != rd_count)
1552	{
1553	GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it);
1554	return;
1555	}
1556
1557	if (rd[0].record_type == GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA)
1558	{
1559	token_metadata_record = &rd[0];
1560	}
1561	else
1562	{
1563	token_metadata_record = &rd[1];
1564	}
1565	if (token_metadata_record->record_type != GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA)
1566	{
1567	GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it);
1568	return;
1569	}
1570	ecdhe_privkey = ((struct GNUNET_CRYPTO_EcdhePrivateKey )token_metadata_record->data);
1571	aud_key =
1572	(struct GNUNET_CRYPTO_EcdsaPublicKey *)(token_metadata_record->data+sizeof(struct GNUNET_CRYPTO_EcdhePrivateKey));
1573	tmp_scopes = GNUNET_strdup ((char*) aud_key+sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
1574
1575	if (0 != memcmp (aud_key, &handle->aud_key,
1576	sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)))
1577	{
1578	char *tmp2 = GNUNET_STRINGS_data_to_string_alloc (aud_key,
1579	sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
1580	//Audience does not match!
1581	char *tmp = GNUNET_GNSRECORD_value_to_string (GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA,
1582	token_metadata_record->data,
1583	token_metadata_record->data_size);
1584	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1585	"Token does not match audience %s vs %s. Moving on\n",
1586	tmp2,
1587	tmp);
1588	GNUNET_free (tmp_scopes);
1589	GNUNET_free (tmp2);
1590	GNUNET_free (tmp);
1591	GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it);
1592	return;
1593	}
1594
1595	scope = strtok (tmp_scopes, ",");
1596	scope_count_token = 0;
1597	while (NULL != scope)
1598	{
1599	GNUNET_CRYPTO_hash (scope,
1600	strlen (scope),
1601	&key);
1602
1603	if ((NULL != handle->attr_map) &&
1604	(GNUNET_YES != GNUNET_CONTAINER_multihashmap_contains (handle->attr_map, &key)))
1605	{
1606	GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1607	"Issued token does not include `%s'. Moving on\n", scope);
1608	GNUNET_free (tmp_scopes);
1609	GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it);
1610	return;
1611	}
1612	scope_count_token++;
1613	scope = strtok (NULL, ",");
1614	}
1615	GNUNET_free (tmp_scopes);
1616	//All scopes in token are also in request. Now
1617	//Check length
1618	if ((NULL != handle->attr_map) &&
1619	(GNUNET_CONTAINER_multihashmap_size (handle->attr_map) == scope_count_token))
1620	{
1621	//We have an existing token
1622	handle->label = GNUNET_strdup (lbl);
1623	handle->ns_it = NULL;
1624	handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle,
1625	&handle->iss_key,
1626	&attr_collect_error,
1627	handle,
1628	&attr_collect,
1629	handle,
1630	&attr_collect_finished,
1631	handle);
1632
1633	return;
1634	}
1635	GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1636	"Nuber of attributes in token do not match request\n");
1637	//No luck
1638	GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it);
1639	}
1640
1641	/**	1491	/**
1642	* Checks an issue message	1492	* Checks an issue message
1643	*	1493	*
@@ -1684,6 +1534,7 @@ handle_issue_message (void *cls,
1684	char *scopes_tmp;	1534	char *scopes_tmp;
1685	char *scope;	1535	char *scope;
1686	const char *v_attrs;	1536	const char *v_attrs;
		1537	uint64_t rnd_key;
1687	struct GNUNET_HashCode key;	1538	struct GNUNET_HashCode key;
1688	struct IssueHandle *issue_handle;	1539	struct IssueHandle *issue_handle;
1689	struct VerifiedAttributeEntry *vattr_entry;	1540	struct VerifiedAttributeEntry *vattr_entry;
@@ -1733,14 +1584,20 @@ handle_issue_message (void *cls,
1733	issue_handle->scopes = GNUNET_strdup (scopes);	1584	issue_handle->scopes = GNUNET_strdup (scopes);
1734	issue_handle->token = token_create (&issue_handle->iss_pkey,	1585	issue_handle->token = token_create (&issue_handle->iss_pkey,
1735	&issue_handle->aud_key);	1586	&issue_handle->aud_key);
		1587	rnd_key =
		1588	GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_STRONG,
		1589	UINT64_MAX);
		1590	GNUNET_STRINGS_base64_encode ((char*)&rnd_key,
		1591	sizeof (uint64_t),
		1592	&issue_handle->label);
1736		1593
1737	issue_handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle,	1594	issue_handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle,
1738	&im->iss_key,	1595	&issue_handle->iss_key,
1739	&find_existing_token_error,	1596	&attr_collect_error,
1740	issue_handle,	1597	issue_handle,
1741	&find_existing_token,	1598	&attr_collect,
1742	issue_handle,	1599	issue_handle,
1743	&find_existing_token_finished,	1600	&attr_collect_finished,
1744	issue_handle);	1601	issue_handle);
1745	}	1602	}
1746		1603