diff options
author | Martin Schanzenbach <mschanzenbach@posteo.de> | 2016-01-10 09:55:48 +0000 |
---|---|---|
committer | Martin Schanzenbach <mschanzenbach@posteo.de> | 2016-01-10 09:55:48 +0000 |
commit | 49a09a064af8cd6bbce568263e1b5152a0996fc9 (patch) | |
tree | b9fcb737c311a43fd328e2ddf942d8642625c9b9 /src/identity-provider | |
parent | 3014465481e5c883ba1ab41cd4ff70a428e27b24 (diff) | |
download | gnunet-49a09a064af8cd6bbce568263e1b5152a0996fc9.tar.gz gnunet-49a09a064af8cd6bbce568263e1b5152a0996fc9.zip |
- update issue handling, fix memleaks
Diffstat (limited to 'src/identity-provider')
-rw-r--r-- | src/identity-provider/gnunet-service-identity-provider.c | 190 | ||||
-rw-r--r-- | src/identity-provider/identity_token.c | 64 | ||||
-rw-r--r-- | src/identity-provider/identity_token.h | 62 |
3 files changed, 251 insertions, 65 deletions
diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index 10ecf9538..a8a8b7f16 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c | |||
@@ -255,6 +255,11 @@ struct IssueHandle | |||
255 | * QueueEntry | 255 | * QueueEntry |
256 | */ | 256 | */ |
257 | struct GNUNET_NAMESTORE_QueueEntry *ns_qe; | 257 | struct GNUNET_NAMESTORE_QueueEntry *ns_qe; |
258 | |||
259 | /** | ||
260 | * The label the token is stored under | ||
261 | */ | ||
262 | char *label; | ||
258 | }; | 263 | }; |
259 | 264 | ||
260 | /** | 265 | /** |
@@ -327,7 +332,6 @@ handle_token_update (void *cls, | |||
327 | char *token_metadata; | 332 | char *token_metadata; |
328 | char *write_ptr; | 333 | char *write_ptr; |
329 | char *enc_token_str; | 334 | char *enc_token_str; |
330 | char *val_str; | ||
331 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key; | 335 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key; |
332 | struct GNUNET_CRYPTO_EcdsaPublicKey pub_key; | 336 | struct GNUNET_CRYPTO_EcdsaPublicKey pub_key; |
333 | struct GNUNET_CRYPTO_EcdhePrivateKey *new_ecdhe_privkey; | 337 | struct GNUNET_CRYPTO_EcdhePrivateKey *new_ecdhe_privkey; |
@@ -402,21 +406,15 @@ handle_token_update (void *cls, | |||
402 | { | 406 | { |
403 | if (0 == strcmp (attr->name, "exp")) | 407 | if (0 == strcmp (attr->name, "exp")) |
404 | { | 408 | { |
405 | GNUNET_asprintf (&val_str, "%ul", new_exp.abs_value_us); | 409 | token_add_attr_int (new_token, attr->name, new_exp.abs_value_us); |
406 | token_add_attr (new_token, attr->name, val_str); | ||
407 | GNUNET_free (val_str); | ||
408 | } | 410 | } |
409 | else if (0 == strcmp (attr->name, "nbf")) | 411 | else if (0 == strcmp (attr->name, "nbf")) |
410 | { | 412 | { |
411 | GNUNET_asprintf (&val_str, "%ul", new_nbf.abs_value_us); | 413 | token_add_attr_int (new_token, attr->name, new_nbf.abs_value_us); |
412 | token_add_attr (new_token, attr->name, val_str); | ||
413 | GNUNET_free (val_str); | ||
414 | } | 414 | } |
415 | else if (0 == strcmp (attr->name, "iat")) | 415 | else if (0 == strcmp (attr->name, "iat")) |
416 | { | 416 | { |
417 | GNUNET_asprintf (&val_str, "%ul", new_iat.abs_value_us); | 417 | token_add_attr_int (new_token, attr->name, new_iat.abs_value_us); |
418 | token_add_attr (new_token, attr->name, val_str); | ||
419 | GNUNET_free (val_str); | ||
420 | } | 418 | } |
421 | else if ((0 == strcmp (attr->name, "iss")) | 419 | else if ((0 == strcmp (attr->name, "iss")) |
422 | || (0 == strcmp (attr->name, "aud"))) | 420 | || (0 == strcmp (attr->name, "aud"))) |
@@ -534,7 +532,6 @@ clear_ego_attrs (void *cls, | |||
534 | return GNUNET_YES; | 532 | return GNUNET_YES; |
535 | } | 533 | } |
536 | 534 | ||
537 | |||
538 | /** | 535 | /** |
539 | * | 536 | * |
540 | * Update all ID_TOKEN records for an identity and store them | 537 | * Update all ID_TOKEN records for an identity and store them |
@@ -913,9 +910,11 @@ cleanup_issue_handle (struct IssueHandle *handle) | |||
913 | if (NULL != handle->scopes) | 910 | if (NULL != handle->scopes) |
914 | GNUNET_free (handle->scopes); | 911 | GNUNET_free (handle->scopes); |
915 | if (NULL != handle->token) | 912 | if (NULL != handle->token) |
916 | token_destroy (handle->token); | 913 | token_destroy (handle->token); |
917 | if (NULL != handle->ticket) | 914 | if (NULL != handle->ticket) |
918 | ticket_destroy (handle->ticket); | 915 | ticket_destroy (handle->ticket); |
916 | if (NULL != handle->label) | ||
917 | GNUNET_free (handle->label); | ||
919 | GNUNET_free (handle); | 918 | GNUNET_free (handle); |
920 | } | 919 | } |
921 | 920 | ||
@@ -974,15 +973,12 @@ sign_and_return_token (void *cls, | |||
974 | struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey; | 973 | struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey; |
975 | struct IssueHandle *handle = cls; | 974 | struct IssueHandle *handle = cls; |
976 | struct GNUNET_GNSRECORD_Data token_record[2]; | 975 | struct GNUNET_GNSRECORD_Data token_record[2]; |
977 | char *lbl_str; | ||
978 | char *nonce_str; | 976 | char *nonce_str; |
979 | char *enc_token_str; | 977 | char *enc_token_str; |
980 | char *token_metadata; | 978 | char *token_metadata; |
981 | char* write_ptr; | 979 | char* write_ptr; |
982 | char* attr_val; | ||
983 | uint64_t time; | 980 | uint64_t time; |
984 | uint64_t exp_time; | 981 | uint64_t exp_time; |
985 | uint64_t rnd_key; | ||
986 | size_t token_metadata_len; | 982 | size_t token_metadata_len; |
987 | 983 | ||
988 | //Remote nonce | 984 | //Remote nonce |
@@ -990,29 +986,19 @@ sign_and_return_token (void *cls, | |||
990 | GNUNET_asprintf (&nonce_str, "%d", handle->nonce); | 986 | GNUNET_asprintf (&nonce_str, "%d", handle->nonce); |
991 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Request nonce: %s\n", nonce_str); | 987 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Request nonce: %s\n", nonce_str); |
992 | 988 | ||
993 | //Label | ||
994 | rnd_key = GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_STRONG, | ||
995 | UINT64_MAX); | ||
996 | GNUNET_STRINGS_base64_encode ((char*)&rnd_key, | ||
997 | sizeof (uint64_t), | ||
998 | &lbl_str); | ||
999 | GNUNET_CRYPTO_ecdsa_key_get_public (&handle->iss_key, | 989 | GNUNET_CRYPTO_ecdsa_key_get_public (&handle->iss_key, |
1000 | &pub_key); | 990 | &pub_key); |
1001 | handle->ticket = ticket_create (nonce_str, | 991 | handle->ticket = ticket_create (nonce_str, |
1002 | &pub_key, | 992 | &pub_key, |
1003 | lbl_str, | 993 | handle->label, |
1004 | &handle->aud_key); | 994 | &handle->aud_key); |
1005 | 995 | ||
1006 | time = GNUNET_TIME_absolute_get().abs_value_us; | 996 | time = GNUNET_TIME_absolute_get().abs_value_us; |
1007 | exp_time = time + token_expiration_interval.rel_value_us; | 997 | exp_time = time + token_expiration_interval.rel_value_us; |
1008 | 998 | ||
1009 | GNUNET_asprintf (&attr_val, "%ul", time); | 999 | token_add_attr_int (handle->token, "nbf", time); |
1010 | token_add_attr (handle->token, "nbf", attr_val); | 1000 | token_add_attr_int (handle->token, "iat", time); |
1011 | token_add_attr (handle->token, "iat", attr_val); | 1001 | token_add_attr_int (handle->token, "exp", exp_time); |
1012 | GNUNET_free (attr_val); | ||
1013 | GNUNET_asprintf (&attr_val, "%ul", exp_time); | ||
1014 | token_add_attr (handle->token, "exp", attr_val); | ||
1015 | GNUNET_free (attr_val); | ||
1016 | token_add_attr (handle->token, "nonce", nonce_str); | 1002 | token_add_attr (handle->token, "nonce", nonce_str); |
1017 | 1003 | ||
1018 | //Token in a serialized encrypted format | 1004 | //Token in a serialized encrypted format |
@@ -1049,13 +1035,12 @@ sign_and_return_token (void *cls, | |||
1049 | //Persist token | 1035 | //Persist token |
1050 | handle->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle, | 1036 | handle->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle, |
1051 | &handle->iss_key, | 1037 | &handle->iss_key, |
1052 | lbl_str, | 1038 | handle->label, |
1053 | 2, | 1039 | 2, |
1054 | token_record, | 1040 | token_record, |
1055 | &store_token_issue_cont, | 1041 | &store_token_issue_cont, |
1056 | handle); | 1042 | handle); |
1057 | GNUNET_free (ecdhe_privkey); | 1043 | GNUNET_free (ecdhe_privkey); |
1058 | GNUNET_free (lbl_str); | ||
1059 | GNUNET_free (nonce_str); | 1044 | GNUNET_free (nonce_str); |
1060 | GNUNET_free (enc_token_str); | 1045 | GNUNET_free (enc_token_str); |
1061 | GNUNET_free (token_metadata); | 1046 | GNUNET_free (token_metadata); |
@@ -1195,6 +1180,8 @@ process_lookup_result (void *cls, uint32_t rd_count, | |||
1195 | 1180 | ||
1196 | } | 1181 | } |
1197 | 1182 | ||
1183 | |||
1184 | |||
1198 | /** | 1185 | /** |
1199 | * | 1186 | * |
1200 | * Handler for exchange message | 1187 | * Handler for exchange message |
@@ -1258,6 +1245,137 @@ handle_exchange_message (void *cls, | |||
1258 | 1245 | ||
1259 | } | 1246 | } |
1260 | 1247 | ||
1248 | |||
1249 | /** | ||
1250 | * | ||
1251 | * Look for existing token | ||
1252 | * | ||
1253 | * @param cls the identity entry | ||
1254 | * @param zone the identity | ||
1255 | * @param lbl the name of the record | ||
1256 | * @param rd_count number of records | ||
1257 | * @param rd record data | ||
1258 | * | ||
1259 | */ | ||
1260 | static void | ||
1261 | find_existing_token (void *cls, | ||
1262 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, | ||
1263 | const char *lbl, | ||
1264 | unsigned int rd_count, | ||
1265 | const struct GNUNET_GNSRECORD_Data *rd) | ||
1266 | { | ||
1267 | struct IssueHandle *handle = cls; | ||
1268 | const struct GNUNET_GNSRECORD_Data *token_metadata_record; | ||
1269 | struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key; | ||
1270 | struct GNUNET_HashCode key; | ||
1271 | int scope_count_token; | ||
1272 | uint64_t rnd_key; | ||
1273 | char *scope; | ||
1274 | char *tmp_scopes; | ||
1275 | |||
1276 | if (NULL == lbl) | ||
1277 | { | ||
1278 | //Done | ||
1279 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1280 | ">>> No existing token found\n"); | ||
1281 | //Label | ||
1282 | rnd_key = | ||
1283 | GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_STRONG, | ||
1284 | UINT64_MAX); | ||
1285 | GNUNET_STRINGS_base64_encode ((char*)&rnd_key, | ||
1286 | sizeof (uint64_t), | ||
1287 | &handle->label); | ||
1288 | handle->ns_it = NULL; | ||
1289 | handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle, | ||
1290 | &handle->iss_key, | ||
1291 | &attr_collect, | ||
1292 | handle); | ||
1293 | return; | ||
1294 | } | ||
1295 | |||
1296 | //There should be only a single record for a token under a label | ||
1297 | if (2 != rd_count) | ||
1298 | { | ||
1299 | GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it); | ||
1300 | return; | ||
1301 | } | ||
1302 | |||
1303 | if (rd[0].record_type == GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA) | ||
1304 | { | ||
1305 | token_metadata_record = &rd[0]; | ||
1306 | } else { | ||
1307 | token_metadata_record = &rd[1]; | ||
1308 | } | ||
1309 | if (token_metadata_record->record_type != GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA) | ||
1310 | { | ||
1311 | GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it); | ||
1312 | return; | ||
1313 | } | ||
1314 | ecdhe_privkey = *((struct GNUNET_CRYPTO_EcdhePrivateKey *)token_metadata_record->data); | ||
1315 | aud_key = | ||
1316 | (struct GNUNET_CRYPTO_EcdsaPublicKey *)(token_metadata_record->data+sizeof(struct GNUNET_CRYPTO_EcdhePrivateKey)); | ||
1317 | tmp_scopes = GNUNET_strdup ((char*) aud_key+sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); | ||
1318 | |||
1319 | if (0 != memcmp (aud_key, &handle->aud_key, | ||
1320 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) | ||
1321 | { | ||
1322 | char *tmp2 = GNUNET_STRINGS_data_to_string_alloc (aud_key, | ||
1323 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); | ||
1324 | //Audience does not match! | ||
1325 | char *tmp = GNUNET_GNSRECORD_value_to_string (GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA, | ||
1326 | token_metadata_record->data, | ||
1327 | token_metadata_record->data_size); | ||
1328 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1329 | "Token does not match audience %s vs %s. Moving on\n", | ||
1330 | tmp2, | ||
1331 | tmp); | ||
1332 | GNUNET_free (tmp_scopes); | ||
1333 | GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it); | ||
1334 | return; | ||
1335 | } | ||
1336 | |||
1337 | scope = strtok (tmp_scopes, ","); | ||
1338 | scope_count_token = 0; | ||
1339 | while (NULL != scope) | ||
1340 | { | ||
1341 | GNUNET_CRYPTO_hash (scope, | ||
1342 | strlen (scope), | ||
1343 | &key); | ||
1344 | |||
1345 | if ((NULL != handle->attr_map) && | ||
1346 | (GNUNET_YES != GNUNET_CONTAINER_multihashmap_contains (handle->attr_map, &key))) | ||
1347 | { | ||
1348 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1349 | "Issued token does not include `%s'. Moving on\n", scope); | ||
1350 | GNUNET_free (tmp_scopes); | ||
1351 | GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it); | ||
1352 | return; | ||
1353 | } | ||
1354 | scope_count_token++; | ||
1355 | scope = strtok (NULL, ","); | ||
1356 | } | ||
1357 | GNUNET_free (tmp_scopes); | ||
1358 | //All scopes in token are also in request. Now | ||
1359 | //Check length | ||
1360 | if (GNUNET_CONTAINER_multihashmap_size (handle->attr_map) == scope_count_token) | ||
1361 | { | ||
1362 | //We have an existing token | ||
1363 | handle->label = GNUNET_strdup (lbl); | ||
1364 | handle->ns_it = NULL; | ||
1365 | handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle, | ||
1366 | &handle->iss_key, | ||
1367 | &attr_collect, | ||
1368 | handle); | ||
1369 | |||
1370 | return; | ||
1371 | } | ||
1372 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1373 | "Nuber of attributes in token do not match request\n"); | ||
1374 | //No luck | ||
1375 | GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it); | ||
1376 | } | ||
1377 | |||
1378 | |||
1261 | /** | 1379 | /** |
1262 | * | 1380 | * |
1263 | * Handler for issue message | 1381 | * Handler for issue message |
@@ -1311,21 +1429,21 @@ handle_issue_message (void *cls, | |||
1311 | 1429 | ||
1312 | issue_handle->aud_key = im->aud_key; | 1430 | issue_handle->aud_key = im->aud_key; |
1313 | issue_handle->iss_key = im->iss_key; | 1431 | issue_handle->iss_key = im->iss_key; |
1432 | GNUNET_CRYPTO_ecdsa_key_get_public (&im->iss_key, | ||
1433 | &issue_handle->iss_pkey); | ||
1314 | issue_handle->expiration = GNUNET_TIME_absolute_ntoh (im->expiration); | 1434 | issue_handle->expiration = GNUNET_TIME_absolute_ntoh (im->expiration); |
1315 | issue_handle->nonce = im->nonce; | 1435 | issue_handle->nonce = ntohl (im->nonce); |
1316 | GNUNET_SERVER_receive_done (client, GNUNET_OK); | 1436 | GNUNET_SERVER_receive_done (client, GNUNET_OK); |
1317 | GNUNET_SERVER_notification_context_add (nc, client); | 1437 | GNUNET_SERVER_notification_context_add (nc, client); |
1318 | GNUNET_SERVER_client_set_user_context (client, issue_handle); | 1438 | GNUNET_SERVER_client_set_user_context (client, issue_handle); |
1319 | issue_handle->client = client; | 1439 | issue_handle->client = client; |
1320 | issue_handle->scopes = GNUNET_strdup (scopes); | 1440 | issue_handle->scopes = GNUNET_strdup (scopes); |
1321 | GNUNET_CRYPTO_ecdsa_key_get_public (&im->iss_key, | ||
1322 | &issue_handle->iss_pkey); | ||
1323 | issue_handle->token = token_create (&issue_handle->iss_pkey, | 1441 | issue_handle->token = token_create (&issue_handle->iss_pkey, |
1324 | &im->aud_key); | 1442 | &issue_handle->aud_key); |
1325 | 1443 | ||
1326 | issue_handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle, | 1444 | issue_handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle, |
1327 | &im->iss_key, | 1445 | &im->iss_key, |
1328 | &attr_collect, | 1446 | &find_existing_token, |
1329 | issue_handle); | 1447 | issue_handle); |
1330 | } | 1448 | } |
1331 | 1449 | ||
diff --git a/src/identity-provider/identity_token.c b/src/identity-provider/identity_token.c index caf1a7848..1974df6a5 100644 --- a/src/identity-provider/identity_token.c +++ b/src/identity-provider/identity_token.c | |||
@@ -238,7 +238,8 @@ token_destroy (struct IdentityToken *token) | |||
238 | GNUNET_CONTAINER_DLL_remove (attr->val_head, | 238 | GNUNET_CONTAINER_DLL_remove (attr->val_head, |
239 | attr->val_tail, | 239 | attr->val_tail, |
240 | val); | 240 | val); |
241 | GNUNET_free (val->value); | 241 | if (NULL != val->value) |
242 | GNUNET_free (val->value); | ||
242 | GNUNET_free (val); | 243 | GNUNET_free (val); |
243 | val = tmp_val; | 244 | val = tmp_val; |
244 | } | 245 | } |
@@ -282,6 +283,37 @@ token_add_attr (struct IdentityToken *token, | |||
282 | new_val); | 283 | new_val); |
283 | } | 284 | } |
284 | 285 | ||
286 | void | ||
287 | token_add_attr_int (struct IdentityToken *token, | ||
288 | const char* key, | ||
289 | uint64_t value) | ||
290 | { | ||
291 | struct TokenAttr *attr; | ||
292 | struct TokenAttrValue *new_val; | ||
293 | GNUNET_assert (NULL != token); | ||
294 | |||
295 | new_val = GNUNET_malloc (sizeof (struct TokenAttrValue)); | ||
296 | new_val->int_value = value; | ||
297 | for (attr = token->attr_head; NULL != attr; attr = attr->next) | ||
298 | { | ||
299 | if (0 == strcmp (key, attr->name)) | ||
300 | break; | ||
301 | } | ||
302 | |||
303 | if (NULL == attr) | ||
304 | { | ||
305 | attr = GNUNET_malloc (sizeof (struct TokenAttr)); | ||
306 | attr->name = GNUNET_strdup (key); | ||
307 | GNUNET_CONTAINER_DLL_insert (token->attr_head, | ||
308 | token->attr_tail, | ||
309 | attr); | ||
310 | } | ||
311 | |||
312 | GNUNET_CONTAINER_DLL_insert (attr->val_head, | ||
313 | attr->val_tail, | ||
314 | new_val); | ||
315 | } | ||
316 | |||
285 | static void | 317 | static void |
286 | parse_json_payload(const char* payload_base64, | 318 | parse_json_payload(const char* payload_base64, |
287 | struct IdentityToken *token) | 319 | struct IdentityToken *token) |
@@ -306,15 +338,24 @@ parse_json_payload(const char* payload_base64, | |||
306 | { | 338 | { |
307 | json_array_foreach (value, idx, arr_value) | 339 | json_array_foreach (value, idx, arr_value) |
308 | { | 340 | { |
309 | token_add_attr (token, | 341 | if (json_is_integer (arr_value)) |
310 | key, | 342 | token_add_attr_int (token, key, |
311 | json_string_value (arr_value)); | 343 | json_integer_value (arr_value)); |
344 | else | ||
345 | token_add_attr (token, | ||
346 | key, | ||
347 | json_string_value (arr_value)); | ||
312 | } | 348 | } |
313 | } else { | 349 | } else { |
314 | token_add_attr (token, key, json_string_value (value)); | 350 | if (json_is_integer (value)) |
351 | token_add_attr_int (token, key, | ||
352 | json_integer_value (value)); | ||
353 | else | ||
354 | token_add_attr (token, key, json_string_value (value)); | ||
315 | } | 355 | } |
316 | } | 356 | } |
317 | 357 | ||
358 | json_decref (payload_json); | ||
318 | GNUNET_free (payload); | 359 | GNUNET_free (payload); |
319 | } | 360 | } |
320 | 361 | ||
@@ -423,9 +464,16 @@ create_json_payload (const struct IdentityToken *token) | |||
423 | { | 464 | { |
424 | for (val = attr->val_head; NULL != val; val = val->next) | 465 | for (val = attr->val_head; NULL != val; val = val->next) |
425 | { | 466 | { |
426 | json_object_set_new (root, | 467 | if (NULL != val->value) |
427 | attr->name, | 468 | { |
428 | json_string (val->value)); | 469 | json_object_set_new (root, |
470 | attr->name, | ||
471 | json_string (val->value)); | ||
472 | } else { | ||
473 | json_object_set_new (root, | ||
474 | attr->name, | ||
475 | json_integer (val->int_value)); | ||
476 | } | ||
429 | } | 477 | } |
430 | } | 478 | } |
431 | json_str = json_dumps (root, JSON_INDENT(1)); | 479 | json_str = json_dumps (root, JSON_INDENT(1)); |
diff --git a/src/identity-provider/identity_token.h b/src/identity-provider/identity_token.h index 3eeaf9ae2..5d5634111 100644 --- a/src/identity-provider/identity_token.h +++ b/src/identity-provider/identity_token.h | |||
@@ -97,6 +97,12 @@ struct TokenAttrValue | |||
97 | * Attribute value | 97 | * Attribute value |
98 | */ | 98 | */ |
99 | char *value; | 99 | char *value; |
100 | |||
101 | /** | ||
102 | * Attribute int value | ||
103 | * used if NULL == value | ||
104 | */ | ||
105 | uint64_t int_value; | ||
100 | }; | 106 | }; |
101 | 107 | ||
102 | struct TokenTicketPayload | 108 | struct TokenTicketPayload |
@@ -176,6 +182,20 @@ token_add_attr (struct IdentityToken *token, | |||
176 | const char* value); | 182 | const char* value); |
177 | 183 | ||
178 | /** | 184 | /** |
185 | * Add a new key value pair to the token | ||
186 | * | ||
187 | * @param token the token to modify | ||
188 | * @param key the key | ||
189 | * @param value the value | ||
190 | */ | ||
191 | void | ||
192 | token_add_attr_int (struct IdentityToken *token, | ||
193 | const char* key, | ||
194 | uint64_t value); | ||
195 | |||
196 | |||
197 | |||
198 | /** | ||
179 | * Add a value to a TokenAttribute | 199 | * Add a value to a TokenAttribute |
180 | * | 200 | * |
181 | * @param attr the token attribute | 201 | * @param attr the token attribute |
@@ -193,10 +213,10 @@ token_add_attr (struct IdentityToken *token, | |||
193 | * @param value the value | 213 | * @param value the value |
194 | * | 214 | * |
195 | */ | 215 | */ |
196 | void | 216 | void |
197 | token_add_json (const struct IdentityToken *token, | 217 | token_add_json (const struct IdentityToken *token, |
198 | const char* key, | 218 | const char* key, |
199 | json_t* value); | 219 | json_t* value); |
200 | 220 | ||
201 | /** | 221 | /** |
202 | * Serialize a token. The token will be signed and base64 according to the | 222 | * Serialize a token. The token will be signed and base64 according to the |
@@ -214,11 +234,11 @@ token_add_json (const struct IdentityToken *token, | |||
214 | * | 234 | * |
215 | * @return GNUNET_OK on success | 235 | * @return GNUNET_OK on success |
216 | */ | 236 | */ |
217 | int | 237 | int |
218 | token_serialize (const struct IdentityToken*token, | 238 | token_serialize (const struct IdentityToken*token, |
219 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, | 239 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, |
220 | struct GNUNET_CRYPTO_EcdhePrivateKey **ecdhe_privkey, | 240 | struct GNUNET_CRYPTO_EcdhePrivateKey **ecdhe_privkey, |
221 | char **result); | 241 | char **result); |
222 | 242 | ||
223 | /** | 243 | /** |
224 | * Parses the serialized token and returns a token | 244 | * Parses the serialized token and returns a token |
@@ -229,10 +249,10 @@ token_serialize (const struct IdentityToken*token, | |||
229 | * | 249 | * |
230 | * @return GNUNET_OK on success | 250 | * @return GNUNET_OK on success |
231 | */ | 251 | */ |
232 | int | 252 | int |
233 | token_parse (const char* data, | 253 | token_parse (const char* data, |
234 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, | 254 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, |
235 | struct IdentityToken **result); | 255 | struct IdentityToken **result); |
236 | 256 | ||
237 | /** | 257 | /** |
238 | * Parses the serialized token and returns a token | 258 | * Parses the serialized token and returns a token |
@@ -263,10 +283,10 @@ token_parse2 (const char* data, | |||
263 | * | 283 | * |
264 | * @return GNUNET_OK on success | 284 | * @return GNUNET_OK on success |
265 | */ | 285 | */ |
266 | int | 286 | int |
267 | token_to_string (const struct IdentityToken *token, | 287 | token_to_string (const struct IdentityToken *token, |
268 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, | 288 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, |
269 | char **result); | 289 | char **result); |
270 | 290 | ||
271 | /** | 291 | /** |
272 | * | 292 | * |
@@ -296,10 +316,10 @@ ticket_create (const char* nonce_str, | |||
296 | * | 316 | * |
297 | * @return GNUNET_OK on success | 317 | * @return GNUNET_OK on success |
298 | */ | 318 | */ |
299 | int | 319 | int |
300 | ticket_serialize (struct TokenTicket *ticket, | 320 | ticket_serialize (struct TokenTicket *ticket, |
301 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, | 321 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, |
302 | char **result); | 322 | char **result); |
303 | 323 | ||
304 | /** | 324 | /** |
305 | * Destroys a ticket | 325 | * Destroys a ticket |