authorSchanzenbach, Martin <martin.schanzenbach@aisec.fraunhofer.de>2018-04-10 11:26:46 +0200
committerSchanzenbach, Martin <martin.schanzenbach@aisec.fraunhofer.de>2018-04-10 11:26:46 +0200
commitb1af3dcf2ad69264883a398ab431fa99c7135f79 (patch)
treeaed788ced81305b7cc7ed361c33fa9bb386bd087 /src/identity-provider
parente331d5f6dfb406f9c56d4b3cb69b671b317d6992 (diff)
downloadgnunet-b1af3dcf2ad69264883a398ab431fa99c7135f79.tar.gz
gnunet-b1af3dcf2ad69264883a398ab431fa99c7135f79.zip
add attribute expiration
Diffstat (limited to 'src/identity-provider')
-rw-r--r--src/identity-provider/gnunet-idp.c13
-rw-r--r--src/identity-provider/gnunet-service-identity-provider.c73
-rw-r--r--src/identity-provider/identity_provider.h5
-rw-r--r--src/identity-provider/identity_provider_api.c3
-rw-r--r--src/identity-provider/plugin_rest_identity_provider.c16
5 files changed, 95 insertions, 15 deletions
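--- a/src/identity-provider/gnunet-idp.c
+++ b/src/identity-provider/gnunet-idp.c
@@ -126,6 +126,11 @@ static struct GNUNET_IDENTITY_PROVIDER_Ticket ticket;
  */
 static struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attr_list;
 
+/**
+ * Attribute expiration interval
+ */
+static struct GNUNET_TIME_Relative exp_interval;
+
 static void
 do_cleanup(void *cls)
 {
@@ -272,6 +277,7 @@ iter_finished (void *cls)
  idp_op = GNUNET_IDENTITY_PROVIDER_attribute_store (idp_handle,
  pkey,
  claim,
+ &exp_interval,
  &store_attr_cont,
  NULL);
 
@@ -383,6 +389,7 @@ run (void *cls,
 int
 main(int argc, char *const argv[])
 {
+ exp_interval = GNUNET_TIME_UNIT_HOURS;
  struct GNUNET_GETOPT_CommandLineOption options[] = {
 
  GNUNET_GETOPT_option_string ('a',
@@ -430,6 +437,12 @@ main(int argc, char *const argv[])
  NULL,
  gettext_noop ("Type of attribute"),
  &type_str),
+ GNUNET_GETOPT_option_relative_time ('E',
+ "expiration",
+ NULL,
+ gettext_noop ("Expiration interval of the attribute"),
+ &exp_interval),
+
  GNUNET_GETOPT_OPTION_END
  };
  return (GNUNET_OK == GNUNET_PROGRAM_run (argc, argv, "ct",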
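Review bot: Nothing validates the value the new `-E` option parses into `exp_interval`, so `-E 0` is forwarded as-is and, going by the service hunk in this commit that copies the interval straight into `rd[0].expiration_time`, would store an attribute that is already expired when written. A guard in `iter_finished()` before the `GNUNET_IDENTITY_PROVIDER_attribute_store` call (that function continues outside the hunk), something like `if (0 == exp_interval.rel_value_us) { fprintf (stderr, "Expiration interval must be positive\n"); return; }`, would reject this at the CLI. The help string should also name the default that `main()` now sets: `gettext_noop ("Expiration interval of the attribute (default: 1 hour)")`.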
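--- a/src/identity-provider/gnunet-service-identity-provider.c
+++ b/src/identity-provider/gnunet-service-identity-provider.c
@@ -364,6 +364,11 @@ struct AttributeStoreHandle
  struct GNUNET_IDENTITY_ATTRIBUTE_Claim *claim;
 
  /**
+ * The attribute expiration interval
+ */
+ struct GNUNET_TIME_Relative exp;
+
+ /**
  * request id
  */
  uint32_t r_id;
@@ -1308,12 +1313,29 @@ revocation_reissue_tickets (struct TicketRevocationHandle *rh)
 }
 
 /**
- * Revoke next attribte by reencryption with
- * new ABE master
+ * Failed to check for attribute
  */
 static void
-reenc_next_attribute (struct TicketRevocationHandle *rh)
+check_attr_error (void *cls)
+{
+ struct TicketRevocationHandle *rh = cls;
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Unable to check for existing attribute\n");
+ send_revocation_finished (rh, GNUNET_SYSERR);
+ cleanup_revoke_ticket_handle (rh);
+}
+
+/**
+ * Check for existing attribute and overwrite
+ */
+static void
+check_attr_cb (void *cls,
+ const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+ const char *label,
+ unsigned int rd_count,
+ const struct GNUNET_GNSRECORD_Data *rd_old)
 {
+ struct TicketRevocationHandle *rh = cls;
  struct GNUNET_GNSRECORD_Data rd[1];
  char* buf;
  char* enc_buf;
@@ -1323,15 +1345,11 @@ reenc_next_attribute (struct TicketRevocationHandle *rh)
  char* policy;
  uint32_t attr_ver;
 
- if (NULL == rh->attrs->list_head)
- {
- revocation_reissue_tickets (rh);
- return;
- }
+
  buf_size = GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (rh->attrs->list_head->claim);
  buf = GNUNET_malloc (buf_size);
  GNUNET_IDENTITY_ATTRIBUTE_serialize (rh->attrs->list_head->claim,
  buf);
  rh->attrs->list_head->claim->version++;
  GNUNET_asprintf (&policy, "%s_%lu",
  rh->attrs->list_head->claim->name,
@@ -1342,10 +1360,10 @@ reenc_next_attribute (struct TicketRevocationHandle *rh)
  * Encrypt the attribute value and store in namestore
  */
  enc_size = GNUNET_ABE_cpabe_encrypt (buf,
  buf_size,
  policy, //Policy
  rh->abe_key,
  (void**)&enc_buf);
  GNUNET_free (buf);
  if (GNUNET_SYSERR == enc_size)
  {
@@ -1371,7 +1389,7 @@ reenc_next_attribute (struct TicketRevocationHandle *rh)
  rd[0].data = rd_buf;
  rd[0].record_type = GNUNET_GNSRECORD_TYPE_ID_ATTR;
  rd[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION;
- rd[0].expiration_time = GNUNET_TIME_UNIT_HOURS.rel_value_us; //TODO sane?
+ rd[0].expiration_time = rd_old[0].expiration_time;
  rh->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle,
  &rh->identity,
  rh->attrs->list_head->claim->name,
@@ -1383,6 +1401,30 @@ reenc_next_attribute (struct TicketRevocationHandle *rh)
  GNUNET_free (rd_buf);
 }
 
+
+/**
+ * Revoke next attribte by reencryption with
+ * new ABE master
+ */
+static void
+reenc_next_attribute (struct TicketRevocationHandle *rh)
+{
+ if (NULL == rh->attrs->list_head)
+ {
+ revocation_reissue_tickets (rh);
+ return;
+ }
+ /* First check if attribute still exists */
+ rh->ns_qe = GNUNET_NAMESTORE_records_lookup (ns_handle,
+ &rh->identity,
+ rh->attrs->list_head->claim->name,
+ &check_attr_error,
+ rh,
+ &check_attr_cb,
+ rh);
+}
+
+
 /**
  * Namestore callback after revoked attribute
  * is stored
@@ -1878,7 +1920,7 @@ attr_store_task (void *cls)
  rd[0].data = rd_buf;
  rd[0].record_type = GNUNET_GNSRECORD_TYPE_ID_ATTR;
  rd[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION;
- rd[0].expiration_time = GNUNET_TIME_UNIT_HOURS.rel_value_us; //TODO sane?
+ rd[0].expiration_time = as_handle->exp.rel_value_us;
  as_handle->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle,
  &as_handle->identity,
  as_handle->claim->name,
@@ -1936,6 +1978,7 @@ handle_attribute_store_message (void *cls,
 
  as_handle->r_id = ntohl (sam->id);
  as_handle->identity = sam->identity;
+ as_handle->exp.rel_value_us = GNUNET_ntohll (sam->exp);
  GNUNET_CRYPTO_ecdsa_key_get_public (&sam->identity,
  &as_handle->identity_pkey);
 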
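Review bot: `check_attr_cb` reads `rd_old[0]` at line 1392 without ever looking at `rd_count`, although it is installed at line 1418 as the result callback of a lookup whose own comment says it is there to "check if attribute still exists"; if, as that comment and the callback's name suggest, a missing label is reported with `rd_count == 0`, then `rd_old[0]` is a NULL or out-of-bounds read in the ticket revocation path. Guard the body with something like `if ((0 == rd_count) || (GNUNET_GNSRECORD_TYPE_ID_ATTR != rd_old[0].record_type))` and, in that case, drop the head claim and continue with `reenc_next_attribute (rh)`, presumably the way the "Namestore callback after revoked attribute is stored" (outside the hunk) advances to the next claim. Copying `rd_old[0].expiration_time` while forcing `GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION` also assumes the existing record was stored with a relative interval; if it carried an absolute timestamp the value is silently reinterpreted, so carry over or check `rd_old[0].flags` as well (the body of `check_attr_cb` continues past the end of its hunk). Separately, `handle_attribute_store_message` copies `sam->exp` unchecked at line 1981, and a zero interval from any client produces a record that is expired the moment `attr_store_task` writes it; validating it here covers the CLI and the REST plugin alike.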
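--- a/src/identity-provider/identity_provider.h
+++ b/src/identity-provider/identity_provider.h
@@ -54,6 +54,11 @@ struct AttributeStoreMessage
  uint32_t attr_len GNUNET_PACKED;
 
  /**
+ * The expiration interval of the attribute
+ */
+ uint64_t exp GNUNET_PACKED;
+
+ /**
  * Identity
  */
  struct GNUNET_CRYPTO_EcdsaPrivateKey identity;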
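Review bot: The comment on the new `exp` field says only "The expiration interval of the attribute", which for a wire-format struct leaves the unit and the byte order to be recovered from the API file, where it is filled with `GNUNET_htonll (exp_interval->rel_value_us)`. Document both where the message is defined so the service side does not have to guess: ` * Relative expiration interval of the attribute in microseconds, in network byte order.`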
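--- a/src/identity-provider/identity_provider_api.c
+++ b/src/identity-provider/identity_provider_api.c
@@ -908,6 +908,7 @@ GNUNET_IDENTITY_PROVIDER_disconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h)
  * @param h handle to the identity provider
  * @param pkey private key of the identity
  * @param attr the attribute value
+ * @param exp_interval the relative expiration interval for the attribute
  * @param cont continuation to call when done
  * @param cont_cls closure for @a cont
  * @return handle to abort the request
@@ -916,6 +917,7 @@ struct GNUNET_IDENTITY_PROVIDER_Operation *
 GNUNET_IDENTITY_PROVIDER_attribute_store (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
  const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey,
  const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr,
+ const struct GNUNET_TIME_Relative *exp_interval,
  GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus cont,
  void *cont_cls)
 {
@@ -937,6 +939,7 @@ GNUNET_IDENTITY_PROVIDER_attribute_store (struct GNUNET_IDENTITY_PROVIDER_Handle
  GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE);
  sam->identity = *pkey;
  sam->id = htonl (op->r_id);
+ sam->exp = GNUNET_htonll (exp_interval->rel_value_us);
 
  GNUNET_IDENTITY_ATTRIBUTE_serialize (attr,
  (char*)&sam[1]);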
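Review bot: `exp_interval` is dereferenced unconditionally at line 942, but the new `@param` line does not say the pointer is mandatory; both callers in this commit pass the address of a local, so the first caller that passes NULL to mean "use the default" will crash inside the API rather than get a default. Either say so and enforce it, `@param exp_interval the relative expiration interval for the attribute, must not be NULL` together with `GNUNET_assert (NULL != exp_interval);` next to the existing argument handling, or take `struct GNUNET_TIME_Relative` by value, which removes the case entirely. The body of `GNUNET_IDENTITY_PROVIDER_attribute_store` continues outside the hunk.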
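--- a/src/identity-provider/plugin_rest_identity_provider.c
+++ b/src/identity-provider/plugin_rest_identity_provider.c
@@ -546,6 +546,7 @@ add_attribute_cont (struct GNUNET_REST_RequestHandle *con_handle,
  const char* identity;
  const char* name_str;
  const char* value_str;
+ const char* exp_str;
 
  struct RequestHandle *handle = cls;
  struct EgoEntry *ego_entry;
@@ -553,9 +554,11 @@ add_attribute_cont (struct GNUNET_REST_RequestHandle *con_handle,
  struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attribute;
  struct GNUNET_JSONAPI_Document *json_obj;
  struct GNUNET_JSONAPI_Resource *json_res;
+ struct GNUNET_TIME_Relative exp;
  char term_data[handle->rest_handle->data_size+1];
  json_t *value_json;
  json_t *data_json;
+ json_t *exp_json;
  json_error_t err;
  struct GNUNET_JSON_Specification docspec[] = {
  GNUNET_JSON_spec_jsonapi_document (&json_obj),
@@ -635,6 +638,18 @@ add_attribute_cont (struct GNUNET_REST_RequestHandle *con_handle,
  return;
  }
  name_str = GNUNET_JSONAPI_resource_get_id (json_res);
+ exp_json = GNUNET_JSONAPI_resource_read_attr (json_res,
+ "exp");
+ exp_str = json_string_value (exp_json);
+ if (NULL == exp_str) {
+ exp = GNUNET_TIME_UNIT_HOURS;
+ } else {
+ if (GNUNET_OK != GNUNET_STRINGS_fancy_time_to_relative (exp_str,
+ &exp)) {
+ exp = GNUNET_TIME_UNIT_HOURS;
+ }
+ }
+
  value_json = GNUNET_JSONAPI_resource_read_attr (json_res,
  "value");
  value_str = json_string_value (value_json);
@@ -646,6 +661,7 @@ add_attribute_cont (struct GNUNET_REST_RequestHandle *con_handle,
  handle->idp_op = GNUNET_IDENTITY_PROVIDER_attribute_store (handle->idp,
  identity_priv,
  attribute,
+ &exp,
  &finished_cont,
  handle);
  GNUNET_free (attribute);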
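Review bot: A malformed `exp` value is silently replaced with one hour at lines 647-650, so a REST client that mistypes a lifetime gets an attribute valid for a period it never asked for and no error; a non-string `exp` (a JSON number, say) takes the same path, because `json_string_value` returns NULL for it and the field is then treated as absent. This handler is the untrusted boundary for the attribute's lifetime, so reject rather than guess: keep the `NULL == exp_str` default, but on parse failure log the offending input, `GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Invalid expiration '%s'\n", exp_str);`, and take the same error return the handler already uses for a malformed document just above (line 638). The parsed `exp` is also never bounded, so a request can store an attribute with an arbitrarily long lifetime; whether that needs a cap is a policy decision that deserves at least a comment here.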