author | Martin Schanzenbach <mschanzenbach@posteo.de> | 2015-09-14 13:16:54 +0000 |
---|---|---|
committer | Martin Schanzenbach <mschanzenbach@posteo.de> | 2015-09-14 13:16:54 +0000 |
commit | 7d985346fbd1ae815c3fd058dffb56ad58281908 (patch) | |
tree | 974e1001eeb46b5841072b9857a6d35a2d72c3ec /src/identity/plugin_rest_identity.c | |
parent | a13d460940e2368e78c2a7e7d2dc9a6c2365f043 (diff) | |
- purge token creation from plugin
Diffstat (limited to 'src/identity/plugin_rest_identity.c')
-rw-r--r-- | src/identity/plugin_rest_identity.c | 129 |
1 files changed, 0 insertions, 129 deletions
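--- a/src/identity/plugin_rest_identity.c
+++ b/src/identity/plugin_rest_identity.c
@@ -70,17 +70,6 @@
 
 
 /**
-* URL parameter to create a GNUid token for a specific audience
-*/
-#define GNUNET_REST_JSONAPI_IDENTITY_CREATE_TOKEN "create_token_for"
-
-/**
-* Attribute containing the GNUid token if
-* GNUNET_REST_JSONAPI_IDENTITY_CREATE_TOKEN was requested
-*/
-#define GNUNET_REST_JSONAPI_IDENTITY_GNUID "gnuid_token"
-
-/**
 * Error messages
 */
 #define GNUNET_REST_ERROR_RESOURCE_INVALID "Resource location invalid"
@@ -291,95 +280,6 @@ do_error (void *cls,
 GNUNET_free (json_error);
 }
 
-/**
-* Build a GNUid token for identity
-* @param handle the handle
-* @param ego_entry the ego to build the token for
-* @param name name of the ego
-* @param token_aud token audience
-* @param token the resulting gnuid token
-*/
-static void
-make_gnuid_token (struct RequestHandle *handle,
-struct EgoEntry *ego_entry,
-const char *name,
-const char *token_aud,
-char **token)
-{
-uint64_t time;
-uint64_t lbl;
-char *header_str;
-char *payload_str;
-char *header_base64;
-char *payload_base64;
-char *sig_str;
-char *lbl_str;
-json_t *header;
-json_t *payload;
-const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key;
-struct GNUNET_CRYPTO_EcdsaSignature sig;
-struct GNUNET_CRYPTO_EccSignaturePurpose *purpose;
-
-time = GNUNET_TIME_absolute_get().abs_value_us;
-lbl = GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_STRONG, UINT64_MAX);
-GNUNET_STRINGS_base64_encode ((char*)&lbl, sizeof (uint64_t), &lbl_str);
-
-header = json_object ();
-json_object_set_new (header, "alg", json_string ("ED512"));
-json_object_set_new (header, "typ", json_string ("JWT"));
-
-payload = json_object ();
-json_object_set_new (payload, "iss", json_string (ego_entry->keystring));
-json_object_set_new (payload, "lbl", json_string (lbl_str));
-json_object_set_new (payload, "sub", json_string (name));
-json_object_set_new (payload, "nbf", json_integer (time));
-json_object_set_new (payload, "iat", json_integer (time));
-json_object_set_new (payload, "exp", json_integer (time+GNUNET_GNUID_TOKEN_EXPIRATION_MICROSECONDS));
-json_object_set_new (payload, "aud", json_string (token_aud));
-header_str = json_dumps (header, JSON_COMPACT);
-GNUNET_STRINGS_base64_encode (header_str,
-strlen (header_str),
-&header_base64);
-char* padding = strtok(header_base64, "=");
-while (NULL != padding)
-padding = strtok(NULL, "=");
-
-payload_str = json_dumps (payload, JSON_COMPACT);
-GNUNET_STRINGS_base64_encode (payload_str,
-strlen (payload_str),
-&payload_base64);
-padding = strtok(payload_base64, "=");
-while (NULL != padding)
-padding = strtok(NULL, "=");
-
-GNUNET_asprintf (token, "%s,%s", header_base64, payload_base64);
-priv_key = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego);
-purpose =
-GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
-strlen (*token));
-purpose->size =
-htonl (strlen (*token) + sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose));
-purpose->purpose = htonl(GNUNET_SIGNATURE_PURPOSE_GNUID_TOKEN);
-memcpy (&purpose[1], *token, strlen (*token));
-if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_sign (priv_key,
-purpose,
-&sig))
-GNUNET_break(0);
-GNUNET_free (*token);
-sig_str = GNUNET_STRINGS_data_to_string_alloc (&sig,
-sizeof (struct GNUNET_CRYPTO_EcdsaSignature));
-GNUNET_asprintf (token, "%s.%s.%s",
-header_base64, payload_base64, sig_str);
-GNUNET_free (sig_str);
-GNUNET_free (header_str);
-GNUNET_free (header_base64);
-GNUNET_free (payload_str);
-GNUNET_free (payload_base64);
-GNUNET_free (purpose);
-GNUNET_free (lbl_str);
-json_decref (header);
-json_decref (payload);
-}
 
 /**
 * Callback for IDENTITY_get()
@@ -454,8 +354,6 @@ ego_info_response (struct RestConnectionDataHandle *con,
 const char *egoname;
 char *result_str;
 char *subsys_val;
-char *create_token_for;
-char *token;
 char *keystring;
 struct RequestHandle *handle = cls;
 struct EgoEntry *ego_entry;
@@ -464,7 +362,6 @@ ego_info_response (struct RestConnectionDataHandle *con,
 struct JsonApiObject *json_object;
 struct JsonApiResource *json_resource;
 json_t *name_str;
-json_t *token_str;
 
 if (GNUNET_NO == GNUNET_REST_namespace_match (handle->url, GNUNET_REST_API_NS_IDENTITY))
 {
@@ -512,18 +409,6 @@ ego_info_response (struct RestConnectionDataHandle *con,
 }
 }
 
-GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_IDENTITY_CREATE_TOKEN,
-strlen (GNUNET_REST_JSONAPI_IDENTITY_CREATE_TOKEN),
-&key);
-
-//Token audience
-create_token_for = NULL;
-if ( GNUNET_YES ==
-GNUNET_CONTAINER_multihashmap_contains (handle->conndata_handle->url_param_map,
-&key) )
-create_token_for = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map,
-&key);
-
 json_object = GNUNET_REST_jsonapi_object_new ();
 
 //Return all egos
@@ -541,20 +426,6 @@ ego_info_response (struct RestConnectionDataHandle *con,
 GNUNET_REST_JSONAPI_IDENTITY_NAME,
 name_str);
 json_decref (name_str);
-if (NULL != create_token_for)
-{
-make_gnuid_token (handle,
-ego_entry,
-ego_entry->identifier,
-create_token_for,
-&token);
-token_str = json_string (token);
-GNUNET_free (token);
-GNUNET_REST_jsonapi_resource_add_attr (json_resource,
-GNUNET_REST_JSONAPI_IDENTITY_GNUID,
-token_str);
-json_decref (token_str);
-}
 GNUNET_REST_jsonapi_object_resource_add (json_object, json_resource);
 }
 if (0 == GNUNET_REST_jsonapi_object_resource_count (json_object))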