- More heavy refactoring. Probably lots of broken things to see here.

3 files changed, 218 insertions, 270 deletions

diff --git a/src/include/gnunet_identity_provider_lib.h b/src/include/gnunet_identity_provider_lib.h
deleted file mode 100644
index 6e41a009d..000000000
--- a/src/include/gnunet_identity_provider_lib.h
+++ /dev/null
@@ -1,269 +0,0 @@
-/*
-   This file is part of GNUnet.
-   Copyright (C) 2012-2015 Christian Grothoff (and other contributing authors)
-
-   GNUnet is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published
-   by the Free Software Foundation; either version 3, or (at your
-   option) any later version.
-
-   GNUnet is distributed in the hope that it will be useful, but
-   WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-   General Public License for more details.
-
-   You should have received a copy of the GNU General Public License
-   along with GNUnet; see the file COPYING.  If not, write to the
-   Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-   Boston, MA 02110-1301, USA.
-   */
-/**
- * @author Martin Schanzenbach
- * @file include/gnunet_identity_provider_lib.h
- * @brief GNUnet Identity Provider library
- *
- */
-#ifndef GNUNET_IDENTITY_PROVIDER_LIB_H
-#define GNUNET_IDENTITY_PROVIDER_LIB_H
-
-#include "gnunet_crypto_lib.h"
-#include <jansson.h>
-
-struct GNUNET_IDENTITY_PROVIDER_Token
-{
-  /**
-   * JSON header
-   */
-  json_t *header;
-
-  /**
-   * JSON Payload
-   */
-  json_t *payload;
-
-  /**
-   * Token Signature
-   */
-  struct GNUNET_CRYPTO_EcdsaSignature signature;
-  
-  /**
-   * Audience Pubkey
-   */
-  struct GNUNET_CRYPTO_EcdsaPublicKey aud_key;
-};
-
-struct GNUNET_IDENTITY_PROVIDER_TokenTicketPayload
-{
-  /**
-   * Nonce
-   */
-  char* nonce;
-
-  /**
-   * Label
-   */
-  char *label;
-
-  /**
-   * Issuing Identity
-   */
-  struct GNUNET_CRYPTO_EcdsaPublicKey identity_key;
-};
-
-
-struct GNUNET_IDENTITY_PROVIDER_TokenTicket
-{
-  /**
-   * Meta info
-   */
-  struct GNUNET_IDENTITY_PROVIDER_TokenTicketPayload *payload;
-
-  /**
-   * ECDH Pubkey
-   */
-  struct GNUNET_CRYPTO_EcdhePublicKey ecdh_pubkey;
-
-  /**
-   * Signature
-   */
-  struct GNUNET_CRYPTO_EcdsaSignature signature;
-
-  /**
-   * Target identity
-   */
-  struct GNUNET_CRYPTO_EcdsaPublicKey aud_key;
-};
-
-
-
-/**
- * Create an identity token
- *
- * @param iss the issuer string for the token
- * @param aud the audience of the token
- *
- * @return a new token
- */
-struct GNUNET_IDENTITY_PROVIDER_Token*
-GNUNET_IDENTITY_PROVIDER_token_create (const struct GNUNET_CRYPTO_EcdsaPublicKey *iss,
-                                       const struct GNUNET_CRYPTO_EcdsaPublicKey* aud);
-
-/**
- * Destroy an identity token
- *
- * @param token the token to destroy
- */
-void
-GNUNET_IDENTITY_PROVIDER_token_destroy (struct GNUNET_IDENTITY_PROVIDER_Token *token);
-
-/**
- * Add a new key value pair to the token
- * 
- * @param token the token to modify
- * @param key the key
- * @param value the value
- */
-void
-GNUNET_IDENTITY_PROVIDER_token_add_attr (const struct GNUNET_IDENTITY_PROVIDER_Token *token,
-                                         const char* key,
-                                         const char* value);
-
-/**
- * Add a new key value pair to the token with the value as json
- *
- * @param the token to modify
- * @param key the key
- * @param value the value
- *
- */
-void
-GNUNET_IDENTITY_PROVIDER_token_add_json (const struct GNUNET_IDENTITY_PROVIDER_Token *token,
-                         const char* key,
-                         json_t* value);
-
-/**
- * Serialize a token. The token will be signed and base64 according to the
- * JWT format. The signature is base32-encoded ECDSA.
- * The resulting JWT is encrypted using 
- * ECDHE for the audience and Base64
- * encoded in result. The audience requires the ECDHE public key P 
- * to decrypt the token T. The key P is included in the result and prepended
- * before the token
- *
- * @param token the token to serialize
- * @param priv_key the private key used to sign the token
- * @param ecdhe_privkey the ECDHE private key used to encrypt the token
- * @param result P,Base64(E(T))
- *
- * @return GNUNET_OK on success
- */
-int 
-GNUNET_IDENTITY_PROVIDER_token_serialize (const struct GNUNET_IDENTITY_PROVIDER_Token *token,
-                          const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
-                          struct GNUNET_CRYPTO_EcdhePrivateKey **ecdhe_privkey,
-                          char **result);
-
-/**
- * Parses the serialized token and returns a token
- *
- * @param data the serialized token
- * @param priv_key the private key of the audience
- * @param result the token
- *
- * @return GNUNET_OK on success
- */
-int
-GNUNET_IDENTITY_PROVIDER_token_parse (const char* data,
-                      const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
-                      struct GNUNET_IDENTITY_PROVIDER_Token **result);
-
-/**
- * Parses the serialized token and returns a token
- * This variant is intended for the party that issued the token and also
- * wants to decrypt the serialized token.
- *
- * @param data the serialized token
- * @param priv_key the private (!) ECDHE key
- * @param aud_key the identity of the audience
- * @param result the token
- *
- * @return GNUNET_OK on success
- */
-int
-GNUNET_IDENTITY_PROVIDER_token_parse2 (const char* data,
-                       const struct GNUNET_CRYPTO_EcdhePrivateKey *priv_key,
-                       const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
-                       struct GNUNET_IDENTITY_PROVIDER_Token **result);
-
-
-/**
- *
- * Returns a JWT-string representation of the token
- *
- * @param token the token
- * @param priv_key the private key used to sign the JWT
- * @param result the JWT
- *
- * @return GNUNET_OK on success
- */
-int
-GNUNET_IDENTITY_PROVIDER_token_to_string (const struct GNUNET_IDENTITY_PROVIDER_Token *token,
-                          const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
-                          char **result);
-
-/**
- *
- * Creates a ticket that can be exchanged by the audience for 
- * the token. The token must be placed under the label
- *
- * @param nonce_str nonce provided by the audience that requested the ticket
- * @param iss_pkey the issuer pubkey used to sign the ticket
- * @param label the label encoded in the ticket
- * @param aud_ley the audience pubkey used to encrypt the ticket payload
- *
- * @return the ticket
- */
-struct GNUNET_IDENTITY_PROVIDER_TokenTicket*
-GNUNET_IDENTITY_PROVIDER_ticket_create (const char* nonce_str,
-                            const struct GNUNET_CRYPTO_EcdsaPublicKey* iss_pkey,
-                            const char* lbl_str,
-                            const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key);
-
-/**
- * Serialize a ticket. Returns the Base64 representation of the ticket.
- * Format: Base64( { payload: E(Payload), ecdhe: K, signature: signature } )
- *
- * @param ticket the ticket to serialize
- * @param priv_key the issuer private key to sign the ticket payload
- * @param result the serialized ticket
- *
- * @return GNUNET_OK on success
- */
-int
-GNUNET_IDENTITY_PROVIDER_ticket_serialize (struct GNUNET_IDENTITY_PROVIDER_TokenTicket *ticket,
-                               const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
-                               char **result);
-
-/**
- * Destroys a ticket
- *
- * @param the ticket to destroy
- */
-void
-GNUNET_IDENTITY_PROVIDER_ticket_destroy (struct GNUNET_IDENTITY_PROVIDER_TokenTicket *ticket);
-
-/**
- * Parses a serialized ticket
- *
- * @param data the serialized ticket
- * @param priv_key the audience private key
- * @param ticket the ticket
- *
- * @return GNUNET_OK on success
- */
-int
-GNUNET_IDENTITY_PROVIDER_ticket_parse (const char* raw_data,
-                           const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
-                           struct GNUNET_IDENTITY_PROVIDER_TokenTicket **ticket);
-
-#endif
diff --git a/src/include/gnunet_identity_provider_service.h b/src/include/gnunet_identity_provider_service.h
new file mode 100644
index 000000000..283c1b40c
--- /dev/null
+++ b/src/include/gnunet_identity_provider_service.h
@@ -0,0 +1,202 @@
+/*
+     This file is part of GNUnet.
+     Copyright (C) 2016 Christian Grothoff (and other contributing authors)
+
+     GNUnet is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published
+     by the Free Software Foundation; either version 3, or (at your
+     option) any later version.
+
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     General Public License for more details.
+
+     You should have received a copy of the GNU General Public License
+     along with GNUnet; see the file COPYING.  If not, write to the
+     Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+     Boston, MA 02110-1301, USA.
+*/
+
+/**
+ * @file include/gnunet_identity_provider_service.h
+ * @brief Identity provider service; implements identity provider for GNUnet
+ * @author Martin Schanzenbach
+ *
+ * Egos in GNUnet are ECDSA keys.  You assume an ego by using (signing
+ * with) a particular private key.  As GNUnet users are expected to
+ * have many egos, we need an identity service to allow users to
+ * manage their egos.  The identity service manages the egos (private
+ * keys) of the local user; it does NOT manage egos of other users
+ * (public keys).  For giving names to other users and manage their
+ * public keys securely, we use GNS.
+ *
+ * @defgroup identity-provider service
+ * @{
+ */
+#ifndef GNUNET_IDENTITY_PROVIDER_SERVICE_H
+#define GNUNET_IDENTITY_PROVIDER_SERVICE_H
+
+#ifdef __cplusplus
+extern "C"
+{
+#if 0                           /* keep Emacsens' auto-indent happy */
+}
+#endif
+#endif
+
+#include "gnunet_util_lib.h"
+
+
+/**
+ * Version number of GNUnet Identity Provider API.
+ */
+#define GNUNET_IDENTITY_PROVIDER_VERSION 0x00000000
+
+/**
+ * Handle to access the identity service.
+ */
+struct GNUNET_IDENTITY_PROVIDER_Handle;
+
+/**
+ * Handle for a token.
+ */
+struct GNUNET_IDENTITY_PROVIDER_Token;
+
+/**
+ * Handle for a ticket
+ */
+struct GNUNET_IDENTITY_PROVIDER_Ticket;
+
+/**
+ * Handle for an operation with the identity provider service.
+ */
+struct GNUNET_IDENTITY_PROVIDER_Operation;
+
+/**
+ * Method called when a token has been exchanged for a ticket.
+ * On success returns a token
+ *
+ * @param cls closure
+ * @param token the token
+ */
+typedef void
+(*GNUNET_IDENTITY_PROVIDER_ExchangeCallback)(void *cls,
+                            const struct GNUNET_IDENTITY_PROVIDER_Token *token);
+
+/**
+ * Method called when a token has been issued.
+ * On success returns a ticket that can be given to the audience to retrive the
+ * token
+ *
+ * @param cls closure
+ * @param ticket the ticket
+ * @param name name assigned by the user for this ego,
+ *                   NULL if the user just deleted the ego and it
+ *                   must thus no longer be used
+ */
+typedef void
+(*GNUNET_IDENTITY_PROVIDER_IssueCallback)(void *cls,
+                            const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket);
+
+
+/**
+ * Connect to the identity provider service.
+ *
+ * @param cfg Configuration to contact the identity provider service.
+ * @return handle to communicate with identity provider service
+ */
+struct GNUNET_IDENTITY_PROVIDER_Handle *
+GNUNET_IDENTITY_PROVIDER_connect (const struct GNUNET_CONFIGURATION_Handle *cfg);
+
+
+/**
+ * Issue a token for a specific audience.
+ *
+ * @param id identity provider service to use
+ * @param iss issuer (identity)
+ * @param aud audience (identity)
+ * @param scope the identity attributes requested, comman separated
+ * @param expiration the token expiration
+ * @param nonce the nonce that will be included in token and ticket
+ * @param cb callback to call with result
+ * @param cb_cls closure
+ * @return handle to abort the operation
+ */
+struct GNUNET_IDENTITY_PROVIDER_Operation *
+GNUNET_IDENTITY_PROVIDER_issue_token (struct GNUNET_IDENTITY_PROVIDER_Handle *id,
+                     const struct GNUNET_CRYPTO_EcdsaPrivateKey *iss_key,
+         const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
+         const char* scope,
+         struct GNUNET_TIME_Absolute *expiration,
+         uint64_t nonce,
+                     GNUNET_IDENTITY_PROVIDER_IssueCallback cb,
+                     void *cb_cls);
+
+
+/**
+ * Exchange a ticket for a token. Intended to be used by audience that
+ * received a ticket.
+ *
+ * @param id identity provider service to use
+ * @param ticket the ticket to exchange
+ * @param aud_privkey the audience of the ticket
+ * @param cont function to call once the operation finished
+ * @param cont_cls closure for @a cont
+ * @return handle to abort the operation
+ */
+struct GNUNET_IDENTITY_PROVIDER_Operation *
+GNUNET_IDENTITY_PROVIDER_exchange_ticket (struct GNUNET_IDENTITY_PROVIDER_Handle *id,
+                     const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
+         const struct GNUNET_CRYPTO_EcdsaPrivateKey *aud_privkey,
+                     GNUNET_IDENTITY_PROVIDER_ExchangeCallback cont,
+                     void *cont_cls);
+
+
+/**
+ * Disconnect from identity provider service.
+ *
+ * @param h identity provider service to disconnect
+ */
+void
+GNUNET_IDENTITY_PROVIDER_disconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h);
+
+
+/**
+ * Cancel an identity provider operation.  Note that the operation MAY still
+ * be executed; this merely cancels the continuation; if the request
+ * was already transmitted, the service may still choose to complete
+ * the operation.
+ *
+ * @param op operation to cancel
+ */
+void
+GNUNET_IDENTITY_PROVIDER_cancel (struct GNUNET_IDENTITY_PROVIDER_Operation *op);
+
+
+/**
+ * Convenience API
+ */
+char *
+GNUNET_IDENTITY_PROVIDER_token_to_string (const struct GNUNET_IDENTITY_PROVIDER_Token *token);
+
+char *
+GNUNET_IDENTITY_PROVIDER_ticket_to_string (const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket);
+
+
+int
+GNUNET_IDENTITY_PROVIDER_string_to_ticket (const char* input,
+                                           struct GNUNET_IDENTITY_PROVIDER_Ticket **ticket);
+
+#if 0                           /* keep Emacsens' auto-indent happy */
+{
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+/** @} */ /* end of group identity */
+
+/* ifndef GNUNET_IDENTITY_PROVIDER_SERVICE_H */
+#endif
+/* end of gnunet_identity_provider_service.h */
diff --git a/src/include/gnunet_protocols.h b/src/include/gnunet_protocols.h
index d6b9c5084..2d1fbbd62 100644
--- a/src/include/gnunet_protocols.h
+++ b/src/include/gnunet_protocols.h
@@ -2822,8 +2822,23 @@ extern "C"
 
 /*******************************************************************************/
 
+
+/**************************************************
+ *
+ * IDENTITY PROVIDER MESSAGE TYPES
+ */
+#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ISSUE     961
+
+#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_EXCHANGE  962
+
+#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ISSUE_RESULT     963
+
+#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_EXCHANGE_RESULT  964
+
+/*******************************************************************************/
+
 /**
- * Next available: 960
+ * Next available: 970
  */
 
 /**