- purge token creation from plugin

author: Martin Schanzenbach <mschanzenbach@posteo.de> 2015-09-14 13:16:54 +0000
committer: Martin Schanzenbach <mschanzenbach@posteo.de> 2015-09-14 13:16:54 +0000
commit: 7d985346fbd1ae815c3fd058dffb56ad58281908 (patch)
tree: 974e1001eeb46b5841072b9857a6d35a2d72c3ec /src/identity
parent: a13d460940e2368e78c2a7e7d2dc9a6c2365f043 (diff)
download: gnunet-7d985346fbd1ae815c3fd058dffb56ad58281908.tar.gz
gnunet-7d985346fbd1ae815c3fd058dffb56ad58281908.zip
1 files changed, 0 insertions, 129 deletions
diff --git a/src/identity/plugin_rest_identity.c b/src/identity/plugin_rest_identity.c
index e5abe00ee..687908bf0 100644
--- a/src/identity/plugin_rest_identity.c
+++ b/src/identity/plugin_rest_identity.c
@@ -70,17 +70,6 @@
 /**
- * URL parameter to create a GNUid token for a specific audience
- */
-#define GNUNET_REST_JSONAPI_IDENTITY_CREATE_TOKEN "create_token_for"
-/**
- * Attribute containing the GNUid token if
- * GNUNET_REST_JSONAPI_IDENTITY_CREATE_TOKEN was requested
- */
-#define GNUNET_REST_JSONAPI_IDENTITY_GNUID "gnuid_token"
-/**
 * Error messages
 */
 #define GNUNET_REST_ERROR_RESOURCE_INVALID "Resource location invalid"
@@ -291,95 +280,6 @@ do_error (void *cls,
  GNUNET_free (json_error);
 }
-/**
- * Build a GNUid token for identity
- * @param handle the handle
- * @param ego_entry the ego to build the token for
- * @param name name of the ego
- * @param token_aud token audience
- * @param token the resulting gnuid token
- */
-static void
-make_gnuid_token (struct RequestHandle *handle,
-                  struct EgoEntry *ego_entry,
-                  const char *name,
-                  const char *token_aud,
-                  char **token)
-{
-  uint64_t time;
-  uint64_t lbl;
-  char *header_str;
-  char *payload_str;
-  char *header_base64;
-  char *payload_base64;
-  char *sig_str;
-  char *lbl_str;
-  json_t *header;
-  json_t *payload;
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key;
-  struct GNUNET_CRYPTO_EcdsaSignature sig;
-  struct GNUNET_CRYPTO_EccSignaturePurpose *purpose;
-  time = GNUNET_TIME_absolute_get().abs_value_us;
-  lbl = GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_STRONG, UINT64_MAX);
-  GNUNET_STRINGS_base64_encode ((char*)&lbl, sizeof (uint64_t), &lbl_str);
-  header = json_object ();
-  json_object_set_new (header, "alg", json_string ("ED512"));
-  json_object_set_new (header, "typ", json_string ("JWT"));
-  
-  payload = json_object ();
-  json_object_set_new (payload, "iss", json_string (ego_entry->keystring));
-  json_object_set_new (payload, "lbl", json_string (lbl_str));
-  json_object_set_new (payload, "sub", json_string (name));
-  json_object_set_new (payload, "nbf", json_integer (time));
-  json_object_set_new (payload, "iat", json_integer (time));
-  json_object_set_new (payload, "exp", json_integer (time+GNUNET_GNUID_TOKEN_EXPIRATION_MICROSECONDS));
-  json_object_set_new (payload, "aud", json_string (token_aud));
-  header_str = json_dumps (header, JSON_COMPACT);
-  GNUNET_STRINGS_base64_encode (header_str,
-                                strlen (header_str),
-                                &header_base64);
-  char* padding = strtok(header_base64, "=");
-  while (NULL != padding)
-    padding = strtok(NULL, "=");
-  payload_str = json_dumps (payload, JSON_COMPACT);
-  GNUNET_STRINGS_base64_encode (payload_str,
-                                strlen (payload_str),
-                                &payload_base64);
-  padding = strtok(payload_base64, "=");
-  while (NULL != padding)
-    padding = strtok(NULL, "=");
-  GNUNET_asprintf (token, "%s,%s", header_base64, payload_base64);
-  priv_key = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego);
-  purpose = 
-    GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + 
-                   strlen (*token));
-  purpose->size = 
-    htonl (strlen (*token) + sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose));
-  purpose->purpose = htonl(GNUNET_SIGNATURE_PURPOSE_GNUID_TOKEN);
-  memcpy (&purpose[1], *token, strlen (*token));
-  if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_sign (priv_key,
-                                             purpose,
-                                             &sig))
-    GNUNET_break(0);
-  GNUNET_free (*token);
-  sig_str = GNUNET_STRINGS_data_to_string_alloc (&sig,
-                                                 sizeof (struct GNUNET_CRYPTO_EcdsaSignature));
-  GNUNET_asprintf (token, "%s.%s.%s",
-                   header_base64, payload_base64, sig_str);
-  GNUNET_free (sig_str);
-  GNUNET_free (header_str);
-  GNUNET_free (header_base64);
-  GNUNET_free (payload_str);
-  GNUNET_free (payload_base64);
-  GNUNET_free (purpose);
-  GNUNET_free (lbl_str);
-  json_decref (header);
-  json_decref (payload);
-}
 /**
 * Callback for IDENTITY_get()
@@ -454,8 +354,6 @@ ego_info_response (struct RestConnectionDataHandle *con,
  const char *egoname;
  char *result_str;
  char *subsys_val;
-  char *create_token_for;
-  char *token;
  char *keystring;
  struct RequestHandle *handle = cls;
  struct EgoEntry *ego_entry;
@@ -464,7 +362,6 @@ ego_info_response (struct RestConnectionDataHandle *con,
  struct JsonApiObject *json_object;
  struct JsonApiResource *json_resource;
  json_t *name_str;
-  json_t *token_str;
  if (GNUNET_NO == GNUNET_REST_namespace_match (handle->url, GNUNET_REST_API_NS_IDENTITY))
  {
@@ -512,18 +409,6 @@ ego_info_response (struct RestConnectionDataHandle *con,
    }
  }
-  GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_IDENTITY_CREATE_TOKEN,
-                      strlen (GNUNET_REST_JSONAPI_IDENTITY_CREATE_TOKEN),
-                      &key);
-  //Token audience
-  create_token_for = NULL;
-  if ( GNUNET_YES ==
-       GNUNET_CONTAINER_multihashmap_contains (handle->conndata_handle->url_param_map,
-                                               &key) )
-    create_token_for = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map,
-                                                          &key);
  json_object = GNUNET_REST_jsonapi_object_new ();
  //Return all egos
@@ -541,20 +426,6 @@ ego_info_response (struct RestConnectionDataHandle *con,
                                           GNUNET_REST_JSONAPI_IDENTITY_NAME,
                                           name_str);
    json_decref (name_str);
-    if (NULL != create_token_for)
-    {
-      make_gnuid_token (handle,
-                        ego_entry,
-                        ego_entry->identifier,
-                        create_token_for,
-                        &token);
-      token_str = json_string (token);
-      GNUNET_free (token);
-      GNUNET_REST_jsonapi_resource_add_attr (json_resource,
-                                             GNUNET_REST_JSONAPI_IDENTITY_GNUID,
-                                             token_str);
-      json_decref (token_str);
-    }
    GNUNET_REST_jsonapi_object_resource_add (json_object, json_resource);
  }
  if (0 == GNUNET_REST_jsonapi_object_resource_count (json_object))
author	Martin Schanzenbach <mschanzenbach@posteo.de>	2015-09-14 13:16:54 +0000
committer	Martin Schanzenbach <mschanzenbach@posteo.de>	2015-09-14 13:16:54 +0000
commit	7d985346fbd1ae815c3fd058dffb56ad58281908 (patch)
tree	974e1001eeb46b5841072b9857a6d35a2d72c3ec /src/identity
parent	a13d460940e2368e78c2a7e7d2dc9a6c2365f043 (diff)
download	gnunet-7d985346fbd1ae815c3fd058dffb56ad58281908.tar.gz gnunet-7d985346fbd1ae815c3fd058dffb56ad58281908.zip

diff --git a/src/identity/plugin_rest_identity.c b/src/identity/plugin_rest_identity.c index e5abe00ee..687908bf0 100644 --- a/src/identity/plugin_rest_identity.c +++ b/src/identity/plugin_rest_identity.c
@@ -70,17 +70,6 @@
70		70
71		71
72	/**	72	/**
73	* URL parameter to create a GNUid token for a specific audience
74	*/
75	#define GNUNET_REST_JSONAPI_IDENTITY_CREATE_TOKEN "create_token_for"
76
77	/**
78	* Attribute containing the GNUid token if
79	* GNUNET_REST_JSONAPI_IDENTITY_CREATE_TOKEN was requested
80	*/
81	#define GNUNET_REST_JSONAPI_IDENTITY_GNUID "gnuid_token"
82
83	/**
84	* Error messages	73	* Error messages
85	*/	74	*/
86	#define GNUNET_REST_ERROR_RESOURCE_INVALID "Resource location invalid"	75	#define GNUNET_REST_ERROR_RESOURCE_INVALID "Resource location invalid"
@@ -291,95 +280,6 @@ do_error (void *cls,
291	GNUNET_free (json_error);	280	GNUNET_free (json_error);
292	}	281	}
293		282
294	/**
295	* Build a GNUid token for identity
296	* @param handle the handle
297	* @param ego_entry the ego to build the token for
298	* @param name name of the ego
299	* @param token_aud token audience
300	* @param token the resulting gnuid token
301	*/
302	static void
303	make_gnuid_token (struct RequestHandle *handle,
304	struct EgoEntry *ego_entry,
305	const char *name,
306	const char *token_aud,
307	char **token)
308	{
309	uint64_t time;
310	uint64_t lbl;
311	char *header_str;
312	char *payload_str;
313	char *header_base64;
314	char *payload_base64;
315	char *sig_str;
316	char *lbl_str;
317	json_t *header;
318	json_t *payload;
319	const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key;
320	struct GNUNET_CRYPTO_EcdsaSignature sig;
321	struct GNUNET_CRYPTO_EccSignaturePurpose *purpose;
322
323	time = GNUNET_TIME_absolute_get().abs_value_us;
324	lbl = GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_STRONG, UINT64_MAX);
325	GNUNET_STRINGS_base64_encode ((char*)&lbl, sizeof (uint64_t), &lbl_str);
326
327	header = json_object ();
328	json_object_set_new (header, "alg", json_string ("ED512"));
329	json_object_set_new (header, "typ", json_string ("JWT"));
330
331	payload = json_object ();
332	json_object_set_new (payload, "iss", json_string (ego_entry->keystring));
333	json_object_set_new (payload, "lbl", json_string (lbl_str));
334	json_object_set_new (payload, "sub", json_string (name));
335	json_object_set_new (payload, "nbf", json_integer (time));
336	json_object_set_new (payload, "iat", json_integer (time));
337	json_object_set_new (payload, "exp", json_integer (time+GNUNET_GNUID_TOKEN_EXPIRATION_MICROSECONDS));
338	json_object_set_new (payload, "aud", json_string (token_aud));
339	header_str = json_dumps (header, JSON_COMPACT);
340	GNUNET_STRINGS_base64_encode (header_str,
341	strlen (header_str),
342	&header_base64);
343	char* padding = strtok(header_base64, "=");
344	while (NULL != padding)
345	padding = strtok(NULL, "=");
346
347	payload_str = json_dumps (payload, JSON_COMPACT);
348	GNUNET_STRINGS_base64_encode (payload_str,
349	strlen (payload_str),
350	&payload_base64);
351	padding = strtok(payload_base64, "=");
352	while (NULL != padding)
353	padding = strtok(NULL, "=");
354
355	GNUNET_asprintf (token, "%s,%s", header_base64, payload_base64);
356	priv_key = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego);
357	purpose =
358	GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
359	strlen (*token));
360	purpose->size =
361	htonl (strlen (*token) + sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose));
362	purpose->purpose = htonl(GNUNET_SIGNATURE_PURPOSE_GNUID_TOKEN);
363	memcpy (&purpose[1], token, strlen (token));
364	if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_sign (priv_key,
365	purpose,
366	&sig))
367	GNUNET_break(0);
368	GNUNET_free (*token);
369	sig_str = GNUNET_STRINGS_data_to_string_alloc (&sig,
370	sizeof (struct GNUNET_CRYPTO_EcdsaSignature));
371	GNUNET_asprintf (token, "%s.%s.%s",
372	header_base64, payload_base64, sig_str);
373	GNUNET_free (sig_str);
374	GNUNET_free (header_str);
375	GNUNET_free (header_base64);
376	GNUNET_free (payload_str);
377	GNUNET_free (payload_base64);
378	GNUNET_free (purpose);
379	GNUNET_free (lbl_str);
380	json_decref (header);
381	json_decref (payload);
382	}
383		283
384	/**	284	/**
385	* Callback for IDENTITY_get()	285	* Callback for IDENTITY_get()
@@ -454,8 +354,6 @@ ego_info_response (struct RestConnectionDataHandle *con,
454	const char *egoname;	354	const char *egoname;
455	char *result_str;	355	char *result_str;
456	char *subsys_val;	356	char *subsys_val;
457	char *create_token_for;
458	char *token;
459	char *keystring;	357	char *keystring;
460	struct RequestHandle *handle = cls;	358	struct RequestHandle *handle = cls;
461	struct EgoEntry *ego_entry;	359	struct EgoEntry *ego_entry;
@@ -464,7 +362,6 @@ ego_info_response (struct RestConnectionDataHandle *con,
464	struct JsonApiObject *json_object;	362	struct JsonApiObject *json_object;
465	struct JsonApiResource *json_resource;	363	struct JsonApiResource *json_resource;
466	json_t *name_str;	364	json_t *name_str;
467	json_t *token_str;
468		365
469	if (GNUNET_NO == GNUNET_REST_namespace_match (handle->url, GNUNET_REST_API_NS_IDENTITY))	366	if (GNUNET_NO == GNUNET_REST_namespace_match (handle->url, GNUNET_REST_API_NS_IDENTITY))
470	{	367	{
@@ -512,18 +409,6 @@ ego_info_response (struct RestConnectionDataHandle *con,
512	}	409	}
513	}	410	}
514		411
515	GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_IDENTITY_CREATE_TOKEN,
516	strlen (GNUNET_REST_JSONAPI_IDENTITY_CREATE_TOKEN),
517	&key);
518
519	//Token audience
520	create_token_for = NULL;
521	if ( GNUNET_YES ==
522	GNUNET_CONTAINER_multihashmap_contains (handle->conndata_handle->url_param_map,
523	&key) )
524	create_token_for = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map,
525	&key);
526
527	json_object = GNUNET_REST_jsonapi_object_new ();	412	json_object = GNUNET_REST_jsonapi_object_new ();
528		413
529	//Return all egos	414	//Return all egos
@@ -541,20 +426,6 @@ ego_info_response (struct RestConnectionDataHandle *con,
541	GNUNET_REST_JSONAPI_IDENTITY_NAME,	426	GNUNET_REST_JSONAPI_IDENTITY_NAME,
542	name_str);	427	name_str);
543	json_decref (name_str);	428	json_decref (name_str);
544	if (NULL != create_token_for)
545	{
546	make_gnuid_token (handle,
547	ego_entry,
548	ego_entry->identifier,
549	create_token_for,
550	&token);
551	token_str = json_string (token);
552	GNUNET_free (token);
553	GNUNET_REST_jsonapi_resource_add_attr (json_resource,
554	GNUNET_REST_JSONAPI_IDENTITY_GNUID,
555	token_str);
556	json_decref (token_str);
557	}
558	GNUNET_REST_jsonapi_object_resource_add (json_object, json_resource);	429	GNUNET_REST_jsonapi_object_resource_add (json_object, json_resource);
559	}	430	}
560	if (0 == GNUNET_REST_jsonapi_object_resource_count (json_object))	431	if (0 == GNUNET_REST_jsonapi_object_resource_count (json_object))