diff options
author | Martin Schanzenbach <schanzen@gnunet.org> | 2023-10-19 12:49:08 +0200 |
---|---|---|
committer | Martin Schanzenbach <schanzen@gnunet.org> | 2023-10-19 12:49:08 +0200 |
commit | 39e327905f421c470b9cbd5c1ea548261bcae026 (patch) | |
tree | fa0df2a80fe4c785e12c609f619eb5f95e55904c /src/reclaim | |
parent | a2de0769515468c733b72698f04b24d03190f719 (diff) | |
download | gnunet-39e327905f421c470b9cbd5c1ea548261bcae026.tar.gz gnunet-39e327905f421c470b9cbd5c1ea548261bcae026.zip |
BUILD: Move reclaim to service
Diffstat (limited to 'src/reclaim')
44 files changed, 0 insertions, 21432 deletions
diff --git a/src/reclaim/.gitignore b/src/reclaim/.gitignore deleted file mode 100644 index e22aa5011..000000000 --- a/src/reclaim/.gitignore +++ /dev/null | |||
@@ -1,5 +0,0 @@ | |||
1 | gnunet-reclaim | ||
2 | gnunet-service-reclaim | ||
3 | gnunet-did | ||
4 | test_did_helper | ||
5 | test_reclaim_attribute | ||
diff --git a/src/reclaim/Makefile.am b/src/reclaim/Makefile.am deleted file mode 100644 index e5603d662..000000000 --- a/src/reclaim/Makefile.am +++ /dev/null | |||
@@ -1,252 +0,0 @@ | |||
1 | # This Makefile.am is in the public domain | ||
2 | AM_CPPFLAGS = -I$(top_srcdir)/src/include | ||
3 | |||
4 | plugindir = $(libdir)/gnunet | ||
5 | |||
6 | if USE_COVERAGE | ||
7 | AM_CFLAGS = --coverage -O0 | ||
8 | XLIB = -lgcov | ||
9 | endif | ||
10 | |||
11 | |||
12 | REST_PLUGIN = \ | ||
13 | libgnunet_plugin_rest_reclaim.la | ||
14 | |||
15 | if HAVE_JOSE | ||
16 | REST_PLUGIN += libgnunet_plugin_rest_openid_connect.la | ||
17 | endif | ||
18 | |||
19 | CREDENTIAL_PLUGIN = \ | ||
20 | libgnunet_plugin_reclaim_credential_jwt.la | ||
21 | |||
22 | if HAVE_PABC | ||
23 | CREDENTIAL_PLUGIN += libgnunet_plugin_reclaim_credential_pabc.la | ||
24 | REST_PLUGIN += libgnunet_plugin_rest_pabc.la | ||
25 | endif | ||
26 | |||
27 | EXTRA_DIST = \ | ||
28 | reclaim.conf \ | ||
29 | test_reclaim_defaults.conf \ | ||
30 | test_reclaim.conf \ | ||
31 | $(check_SCRIPTS) | ||
32 | |||
33 | pkgcfgdir= $(pkgdatadir)/config.d/ | ||
34 | |||
35 | libexecdir= $(pkglibdir)/libexec/ | ||
36 | |||
37 | pkgcfg_DATA = \ | ||
38 | reclaim.conf | ||
39 | |||
40 | lib_LTLIBRARIES = \ | ||
41 | libgnunetreclaim.la \ | ||
42 | libgnunetdid.la | ||
43 | plugin_LTLIBRARIES = \ | ||
44 | libgnunet_plugin_gnsrecord_reclaim.la \ | ||
45 | libgnunet_plugin_reclaim_attribute_basic.la \ | ||
46 | $(CREDENTIAL_PLUGIN) \ | ||
47 | $(REST_PLUGIN) | ||
48 | |||
49 | bin_PROGRAMS = \ | ||
50 | gnunet-reclaim \ | ||
51 | gnunet-did | ||
52 | |||
53 | libexec_PROGRAMS = \ | ||
54 | gnunet-service-reclaim | ||
55 | |||
56 | libgnunet_plugin_rest_reclaim_la_SOURCES = \ | ||
57 | plugin_rest_reclaim.c \ | ||
58 | json_reclaim.h \ | ||
59 | json_reclaim.c | ||
60 | libgnunet_plugin_rest_reclaim_la_LIBADD = \ | ||
61 | $(top_builddir)/src/service/identity/libgnunetidentity.la \ | ||
62 | libgnunetreclaim.la \ | ||
63 | $(top_builddir)/src/lib/json/libgnunetjson.la \ | ||
64 | $(top_builddir)/src/lib/gnsrecord/libgnunetgnsrecord.la \ | ||
65 | $(top_builddir)/src/service/rest/libgnunetrest.la \ | ||
66 | $(top_builddir)/src/service/namestore/libgnunetnamestore.la \ | ||
67 | $(top_builddir)/src/lib/util/libgnunetutil.la $(XLIBS) \ | ||
68 | $(LTLIBINTL) -ljansson $(MHD_LIBS) | ||
69 | libgnunet_plugin_rest_reclaim_la_LDFLAGS = \ | ||
70 | $(GN_PLUGIN_LDFLAGS) | ||
71 | libgnunet_plugin_rest_reclaim_la_CFLAGS = $(MHD_CFLAGS) $(AM_CFLAGS) | ||
72 | |||
73 | if HAVE_JOSE | ||
74 | libgnunet_plugin_rest_openid_connect_la_SOURCES = \ | ||
75 | plugin_rest_openid_connect.c \ | ||
76 | oidc_helper.h \ | ||
77 | oidc_helper.c | ||
78 | libgnunet_plugin_rest_openid_connect_la_LIBADD = \ | ||
79 | $(top_builddir)/src/service/identity/libgnunetidentity.la \ | ||
80 | libgnunetreclaim.la \ | ||
81 | $(top_builddir)/src/service/rest/libgnunetrest.la \ | ||
82 | $(top_builddir)/src/service/namestore/libgnunetnamestore.la \ | ||
83 | $(top_builddir)/src/service/gns/libgnunetgns.la \ | ||
84 | $(top_builddir)/src/lib/gnsrecord/libgnunetgnsrecord.la \ | ||
85 | $(top_builddir)/src/lib/util/libgnunetutil.la $(XLIBS) \ | ||
86 | $(LTLIBINTL) -ljansson -ljose $(MHD_LIBS) \ | ||
87 | $(LIBGCRYPT_LIBS) | ||
88 | libgnunet_plugin_rest_openid_connect_la_LDFLAGS = \ | ||
89 | $(GN_PLUGIN_LDFLAGS) | ||
90 | libgnunet_plugin_rest_openid_connect_la_CFLAGS = $(MHD_CFLAGS) $(AM_CFLAGS) | ||
91 | endif | ||
92 | |||
93 | if HAVE_PABC | ||
94 | libgnunet_plugin_rest_pabc_la_SOURCES = \ | ||
95 | plugin_rest_pabc.c \ | ||
96 | pabc_helper.c | ||
97 | libgnunet_plugin_rest_pabc_la_LIBADD = \ | ||
98 | libgnunetreclaim.la \ | ||
99 | $(top_builddir)/src/lib/json/libgnunetjson.la \ | ||
100 | $(top_builddir)/src/service/rest/libgnunetrest.la \ | ||
101 | $(top_builddir)/src/lib/util/libgnunetutil.la $(XLIBS) \ | ||
102 | $(LTLIBINTL) -ljansson -lpabc $(MHD_LIBS) | ||
103 | libgnunet_plugin_rest_pabc_la_LDFLAGS = \ | ||
104 | $(GN_PLUGIN_LDFLAGS) | ||
105 | libgnunet_plugin_rest_pabc_la_CFLAGS = $(MHD_CFLAGS) $(AM_CFLAGS) | ||
106 | endif | ||
107 | |||
108 | |||
109 | libgnunet_plugin_gnsrecord_reclaim_la_SOURCES = \ | ||
110 | plugin_gnsrecord_reclaim.c | ||
111 | libgnunet_plugin_gnsrecord_reclaim_la_LIBADD = \ | ||
112 | $(top_builddir)/src/lib/util/libgnunetutil.la \ | ||
113 | $(LTLIBINTL) | ||
114 | libgnunet_plugin_gnsrecord_reclaim_la_LDFLAGS = \ | ||
115 | $(GN_PLUGIN_LDFLAGS) | ||
116 | |||
117 | |||
118 | gnunet_service_reclaim_SOURCES = \ | ||
119 | gnunet-service-reclaim.c \ | ||
120 | gnunet-service-reclaim_tickets.c \ | ||
121 | gnunet-service-reclaim_tickets.h | ||
122 | gnunet_service_reclaim_LDADD = \ | ||
123 | $(top_builddir)/src/lib/gnsrecord/libgnunetgnsrecord.la \ | ||
124 | $(top_builddir)/src/service/identity/libgnunetidentity.la \ | ||
125 | $(top_builddir)/src/lib/util/libgnunetutil.la \ | ||
126 | $(top_builddir)/src/service/namestore/libgnunetnamestore.la \ | ||
127 | $(top_builddir)/src/service/statistics/libgnunetstatistics.la \ | ||
128 | libgnunetreclaim.la \ | ||
129 | $(top_builddir)/src/service/gns/libgnunetgns.la \ | ||
130 | $(GN_LIBINTL) | ||
131 | |||
132 | libgnunetreclaim_la_SOURCES = \ | ||
133 | reclaim_api.c \ | ||
134 | reclaim.h \ | ||
135 | reclaim_attribute.c \ | ||
136 | reclaim_attribute.h \ | ||
137 | reclaim_credential.c \ | ||
138 | reclaim_credential.h | ||
139 | libgnunetreclaim_la_LIBADD = \ | ||
140 | $(top_builddir)/src/lib/util/libgnunetutil.la \ | ||
141 | $(top_builddir)/src/service/identity/libgnunetidentity.la \ | ||
142 | $(GN_LIBINTL) $(XLIB) | ||
143 | libgnunetreclaim_la_LDFLAGS = \ | ||
144 | $(GN_LIB_LDFLAGS) \ | ||
145 | -version-info 0:0:0 | ||
146 | |||
147 | libgnunetdid_la_SOURCES = \ | ||
148 | did_helper.c \ | ||
149 | did_helper.h \ | ||
150 | did_core.h \ | ||
151 | did_core.c | ||
152 | libgnunetdid_la_LIBADD = \ | ||
153 | $(top_builddir)/src/lib/util/libgnunetutil.la \ | ||
154 | $(top_builddir)/src/service/gns/libgnunetgns.la \ | ||
155 | $(top_builddir)/src/lib/gnsrecord/libgnunetgnsrecord.la \ | ||
156 | $(top_builddir)/src/service/identity/libgnunetidentity.la \ | ||
157 | $(top_builddir)/src/service/namestore/libgnunetnamestore.la \ | ||
158 | -ljansson \ | ||
159 | $(GN_LIBINTL) $(XLIB) | ||
160 | libgnunetdid_la_LDFLAGS = \ | ||
161 | $(GN_LIB_LDFLAGS) \ | ||
162 | -version-info 0:0:0 | ||
163 | |||
164 | libgnunet_plugin_reclaim_attribute_basic_la_SOURCES = \ | ||
165 | plugin_reclaim_attribute_basic.c | ||
166 | libgnunet_plugin_reclaim_attribute_basic_la_LIBADD = \ | ||
167 | $(top_builddir)/src/lib/util/libgnunetutil.la \ | ||
168 | $(LTLIBINTL) | ||
169 | libgnunet_plugin_reclaim_attribute_basic_la_LDFLAGS = \ | ||
170 | $(GN_PLUGIN_LDFLAGS) | ||
171 | |||
172 | if HAVE_PABC | ||
173 | libgnunet_plugin_reclaim_credential_pabc_la_SOURCES = \ | ||
174 | plugin_reclaim_credential_pabc.c \ | ||
175 | pabc_helper.c \ | ||
176 | pabc_helper.h | ||
177 | libgnunet_plugin_reclaim_credential_pabc_la_LIBADD = \ | ||
178 | $(top_builddir)/src/lib/util/libgnunetutil.la \ | ||
179 | libgnunetreclaim.la \ | ||
180 | -ljansson\ | ||
181 | -lpabc \ | ||
182 | $(LTLIBINTL) | ||
183 | libgnunet_plugin_reclaim_credential_pabc_la_LDFLAGS = \ | ||
184 | $(GN_PLUGIN_LDFLAGS) | ||
185 | endif | ||
186 | |||
187 | |||
188 | libgnunet_plugin_reclaim_credential_jwt_la_SOURCES = \ | ||
189 | plugin_reclaim_credential_jwt.c | ||
190 | libgnunet_plugin_reclaim_credential_jwt_la_LIBADD = \ | ||
191 | $(top_builddir)/src/service/identity/libgnunetidentity.la \ | ||
192 | $(top_builddir)/src/lib/util/libgnunetutil.la \ | ||
193 | libgnunetreclaim.la \ | ||
194 | -ljansson\ | ||
195 | $(LTLIBINTL) | ||
196 | libgnunet_plugin_reclaim_credential_jwt_la_LDFLAGS = \ | ||
197 | $(GN_PLUGIN_LDFLAGS) | ||
198 | |||
199 | gnunet_reclaim_SOURCES = \ | ||
200 | gnunet-reclaim.c | ||
201 | gnunet_reclaim_LDADD = \ | ||
202 | $(top_builddir)/src/lib/util/libgnunetutil.la \ | ||
203 | $(top_builddir)/src/service/namestore/libgnunetnamestore.la \ | ||
204 | libgnunetreclaim.la \ | ||
205 | $(top_builddir)/src/service/identity/libgnunetidentity.la \ | ||
206 | $(GN_LIBINTL) | ||
207 | |||
208 | test_reclaim_attribute_SOURCES = \ | ||
209 | test_reclaim_attribute.c | ||
210 | test_reclaim_attribute_LDADD = \ | ||
211 | $(top_builddir)/src/lib/util/libgnunetutil.la \ | ||
212 | libgnunetreclaim.la \ | ||
213 | $(GN_LIBINTL) | ||
214 | |||
215 | gnunet_did_SOURCES = \ | ||
216 | gnunet-did.c | ||
217 | gnunet_did_LDADD = \ | ||
218 | $(top_builddir)/src/lib/util/libgnunetutil.la \ | ||
219 | $(top_builddir)/src/service/gns/libgnunetgns.la \ | ||
220 | $(top_builddir)/src/lib/gnsrecord/libgnunetgnsrecord.la \ | ||
221 | $(top_builddir)/src/service/identity/libgnunetidentity.la \ | ||
222 | $(top_builddir)/src/service/namestore/libgnunetnamestore.la \ | ||
223 | libgnunetdid.la \ | ||
224 | -ljansson | ||
225 | |||
226 | |||
227 | test_did_helper_SOURCES = \ | ||
228 | test_did_helper.c | ||
229 | test_did_helper_LDADD = \ | ||
230 | $(top_builddir)/src/lib/util/libgnunetutil.la \ | ||
231 | $(top_builddir)/src/service/gns/libgnunetgns.la \ | ||
232 | $(top_builddir)/src/lib/gnsrecord/libgnunetgnsrecord.la \ | ||
233 | $(top_builddir)/src/service/identity/libgnunetidentity.la \ | ||
234 | $(top_builddir)/src/service/namestore/libgnunetnamestore.la \ | ||
235 | libgnunetdid.la \ | ||
236 | -ljansson | ||
237 | |||
238 | check_SCRIPTS = \ | ||
239 | test_reclaim_attribute.sh \ | ||
240 | test_reclaim_issue.sh \ | ||
241 | test_reclaim_consume.sh | ||
242 | |||
243 | check_PROGRAMS = \ | ||
244 | test_reclaim_attribute \ | ||
245 | test_did_helper | ||
246 | |||
247 | if ENABLE_TEST_RUN | ||
248 | AM_TESTS_ENVIRONMENT=export GNUNET_PREFIX=$${GNUNET_PREFIX:-@libdir@};export PATH=$${GNUNET_PREFIX:-@prefix@}/bin:$$PATH;unset XDG_DATA_HOME;unset XDG_CONFIG_HOME; | ||
249 | TESTS = \ | ||
250 | $(check_SCRIPTS) \ | ||
251 | $(check_PROGRAMS) | ||
252 | endif | ||
diff --git a/src/reclaim/did.h b/src/reclaim/did.h deleted file mode 100644 index ab1b65925..000000000 --- a/src/reclaim/did.h +++ /dev/null | |||
@@ -1,49 +0,0 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet. | ||
3 | Copyright (C) 2012-2022 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software: you can redistribute it and/or modify it | ||
6 | under the terms of the GNU Affero General Public License as published | ||
7 | by the Free Software Foundation, either version 3 of the License, | ||
8 | or (at your option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | Affero General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU Affero General Public License | ||
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
17 | |||
18 | SPDX-License-Identifier: AGPL3.0-or-later | ||
19 | */ | ||
20 | |||
21 | #ifndef RECLAIM_DID_H | ||
22 | #define RECLAIM_DID_H | ||
23 | |||
24 | #define GNUNET_RECLAIM_DID_METHOD_PREFIX "did:gns:" | ||
25 | |||
26 | /** | ||
27 | * Create a DID string from an ego in the format | ||
28 | * did:gns:\<pubkey\> | ||
29 | * | ||
30 | * @param ego the Ego to use | ||
31 | * @return the DID string | ||
32 | */ | ||
33 | char* | ||
34 | DID_ego_to_did (struct GNUNET_IDENTITY_Ego *ego); | ||
35 | |||
36 | |||
37 | /** | ||
38 | * Extract the public key from a DID | ||
39 | * in the format did:gns:\<pubkey\> | ||
40 | * | ||
41 | * @param did the DID parse | ||
42 | * @param pk where to store the public key | ||
43 | * @return GNUNET_OK if successful | ||
44 | */ | ||
45 | enum GNUNET_GenericReturnValue | ||
46 | DID_public_key_from_did (const char* did, | ||
47 | struct GNUNET_CRYPTO_PublicKey *pk); | ||
48 | |||
49 | #endif | ||
diff --git a/src/reclaim/did_core.c b/src/reclaim/did_core.c deleted file mode 100644 index ce3336b91..000000000 --- a/src/reclaim/did_core.c +++ /dev/null | |||
@@ -1,265 +0,0 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet | ||
3 | Copyright (C) 2010-2015 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software: you can redistribute it and/or modify it | ||
6 | under the terms of the GNU Affero General Public License as published | ||
7 | by the Free Software Foundation, either version 3 of the License, | ||
8 | or (at your option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | Affero General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU Affero General Public License | ||
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
17 | |||
18 | SPDX-License-Identifier: AGPL3.0-or-later | ||
19 | */ | ||
20 | |||
21 | /** | ||
22 | * @file reclaim/did_core.c | ||
23 | * @brief Core functionality for DID | ||
24 | * @author Tristan Schwieren | ||
25 | */ | ||
26 | |||
27 | // TODO: DID documents do not have an expiration date. Still we add one | ||
28 | // TODO: Store DID document with empty label and own type (maybe DID-Document or JSON??) | ||
29 | |||
30 | #include "platform.h" | ||
31 | #include "did_core.h" | ||
32 | |||
33 | struct DID_resolve_return | ||
34 | { | ||
35 | DID_resolve_callback *cb; | ||
36 | void *cls; | ||
37 | }; | ||
38 | |||
39 | struct DID_action_return | ||
40 | { | ||
41 | DID_action_callback *cb; | ||
42 | void *cls; | ||
43 | }; | ||
44 | |||
45 | // ------------------------------------------------ // | ||
46 | // -------------------- Resolve ------------------- // | ||
47 | // ------------------------------------------------ // | ||
48 | |||
49 | /** | ||
50 | * @brief GNS lookup callback. Calls the given callback function | ||
51 | * and gives it the DID Document. | ||
52 | * Fails if there is more than one DID record. | ||
53 | * | ||
54 | * @param cls closure | ||
55 | * @param rd_count number of records in rd | ||
56 | * @param rd the records in the reply | ||
57 | */ | ||
58 | static void | ||
59 | DID_resolve_gns_lookup_cb ( | ||
60 | void *cls, | ||
61 | uint32_t rd_count, | ||
62 | const struct GNUNET_GNSRECORD_Data *rd) | ||
63 | { | ||
64 | char *did_document; | ||
65 | DID_resolve_callback *cb = ((struct DID_resolve_return *) cls)->cb; | ||
66 | void *cls_did_resolve_cb = ((struct DID_resolve_return *) cls)->cls; | ||
67 | free (cls); | ||
68 | |||
69 | for (int i = 0; i < rd_count; i++) { | ||
70 | if (rd[i].record_type != GNUNET_GNSRECORD_TYPE_DID_DOCUMENT) | ||
71 | continue; | ||
72 | did_document = (char *) rd[i].data; | ||
73 | cb (GNUNET_OK, did_document, cls_did_resolve_cb); | ||
74 | return; | ||
75 | } | ||
76 | cb (GNUNET_NO, "DID Document is not a DID_DOCUMENT record\n", | ||
77 | cls_did_resolve_cb); | ||
78 | } | ||
79 | |||
80 | /** | ||
81 | * @brief Resolve a DID. | ||
82 | * Calls the given callback function with the resolved DID Document and the given closure. | ||
83 | * If the did can not be resolved did_document is NULL. | ||
84 | * | ||
85 | * @param did DID that is resolve | ||
86 | */ | ||
87 | enum GNUNET_GenericReturnValue | ||
88 | DID_resolve (const char *did, | ||
89 | struct GNUNET_GNS_Handle *gns_handle, | ||
90 | DID_resolve_callback *cont, | ||
91 | void *cls) | ||
92 | { | ||
93 | struct GNUNET_CRYPTO_PublicKey pkey; | ||
94 | |||
95 | // did, gns_handle and cont must me set | ||
96 | if ((did == NULL) || (gns_handle == NULL) || (cont == NULL)) | ||
97 | return GNUNET_NO; | ||
98 | |||
99 | if (GNUNET_OK != DID_did_to_pkey (did, &pkey)) | ||
100 | return GNUNET_NO; | ||
101 | |||
102 | // Create closure for lookup callback | ||
103 | struct DID_resolve_return *cls_gns_lookup_cb | ||
104 | = malloc (sizeof(struct DID_resolve_return)); | ||
105 | cls_gns_lookup_cb->cb = cont; | ||
106 | cls_gns_lookup_cb->cls = cls; | ||
107 | |||
108 | GNUNET_GNS_lookup (gns_handle, | ||
109 | DID_DOCUMENT_LABEL, | ||
110 | &pkey, | ||
111 | GNUNET_GNSRECORD_TYPE_DID_DOCUMENT, | ||
112 | GNUNET_GNS_LO_DEFAULT, | ||
113 | &DID_resolve_gns_lookup_cb, | ||
114 | cls_gns_lookup_cb); | ||
115 | |||
116 | return GNUNET_OK; | ||
117 | } | ||
118 | |||
119 | // ------------------------------------------------ // | ||
120 | // -------------------- Create -------------------- // | ||
121 | // ------------------------------------------------ // | ||
122 | |||
123 | static void | ||
124 | DID_create_did_store_cb (void *cls, | ||
125 | enum GNUNET_ErrorCode ec) | ||
126 | { | ||
127 | DID_action_callback *cb = ((struct DID_action_return *) cls)->cb; | ||
128 | void *cls_did_create_cb = ((struct DID_action_return *) cls)->cls; | ||
129 | free (cls); | ||
130 | |||
131 | if (GNUNET_EC_NONE == ec) | ||
132 | { | ||
133 | cb (GNUNET_OK, (void *) cls_did_create_cb); | ||
134 | } | ||
135 | else | ||
136 | { | ||
137 | // TODO: Log emsg. Not writing it to STDOUT | ||
138 | printf ("%s\n", GNUNET_ErrorCode_get_hint (ec)); | ||
139 | cb (GNUNET_NO, (void *) cls_did_create_cb); | ||
140 | } | ||
141 | } | ||
142 | |||
143 | struct DID_create_namestore_lookup_closure | ||
144 | { | ||
145 | const char *did_document; | ||
146 | struct GNUNET_TIME_Relative expire_time; | ||
147 | struct GNUNET_NAMESTORE_Handle *namestore_handle; | ||
148 | struct DID_action_return *ret; | ||
149 | }; | ||
150 | |||
151 | static void | ||
152 | DID_create_namestore_lookup_cb (void *cls, | ||
153 | const struct | ||
154 | GNUNET_CRYPTO_PrivateKey *zone, | ||
155 | const char *label, | ||
156 | unsigned int rd_count, | ||
157 | const struct GNUNET_GNSRECORD_Data *rd) | ||
158 | { | ||
159 | struct GNUNET_GNSRECORD_Data record_data; | ||
160 | struct GNUNET_CRYPTO_PublicKey pkey; | ||
161 | |||
162 | const char *did_document | ||
163 | = ((struct DID_create_namestore_lookup_closure *) cls)->did_document; | ||
164 | |||
165 | const struct GNUNET_TIME_Relative expire_time | ||
166 | = ((struct DID_create_namestore_lookup_closure *) cls)->expire_time; | ||
167 | |||
168 | struct GNUNET_NAMESTORE_Handle *namestore_handle | ||
169 | = ((struct DID_create_namestore_lookup_closure *) cls)->namestore_handle; | ||
170 | |||
171 | struct DID_action_return *cls_record_store_cb | ||
172 | = ((struct DID_create_namestore_lookup_closure *) cls)->ret; | ||
173 | |||
174 | free (cls); | ||
175 | |||
176 | if (rd_count > 0) | ||
177 | { | ||
178 | printf ("Ego already has a DID Document. Abort.\n"); | ||
179 | cls_record_store_cb->cb (GNUNET_NO, cls_record_store_cb->cls); | ||
180 | } | ||
181 | else { | ||
182 | // Get public key | ||
183 | GNUNET_CRYPTO_key_get_public (zone, &pkey); | ||
184 | |||
185 | // If no DID Document is given a default one is created | ||
186 | if (did_document != NULL) | ||
187 | printf ( | ||
188 | "DID Docuement is read from \"DID-document\" argument (EXPERIMENTAL)\n"); | ||
189 | else | ||
190 | did_document = DID_pkey_to_did_document (&pkey); | ||
191 | |||
192 | // Create record | ||
193 | record_data.data = did_document; | ||
194 | record_data.expiration_time = expire_time.rel_value_us; | ||
195 | record_data.data_size = strlen (did_document) + 1; | ||
196 | record_data.record_type = GNUNET_GNSRECORD_typename_to_number ("TXT"), | ||
197 | record_data.flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION; | ||
198 | |||
199 | // Store record | ||
200 | GNUNET_NAMESTORE_records_store (namestore_handle, | ||
201 | zone, | ||
202 | DID_DOCUMENT_LABEL, | ||
203 | 1, // FIXME what if GNUNET_GNS_EMPTY_LABEL_AT has records | ||
204 | &record_data, | ||
205 | &DID_create_did_store_cb, | ||
206 | (void *) cls_record_store_cb); | ||
207 | } | ||
208 | } | ||
209 | |||
210 | /** | ||
211 | * @brief Creates a DID and saves DID Document in Namestore. | ||
212 | * | ||
213 | * @param ego ego for which the DID should be created. | ||
214 | * @param did_document did_document that should be saved in namestore. | ||
215 | * If did_document==NULL -> Default DID document is created. | ||
216 | * @param namestore_handle | ||
217 | * @param cont callback function | ||
218 | * @param cls closure | ||
219 | */ | ||
220 | enum GNUNET_GenericReturnValue | ||
221 | DID_create (const struct GNUNET_IDENTITY_Ego *ego, | ||
222 | const char *did_document, | ||
223 | const struct GNUNET_TIME_Relative *expire_time, | ||
224 | struct GNUNET_NAMESTORE_Handle *namestore_handle, | ||
225 | DID_action_callback *cont, | ||
226 | void *cls) | ||
227 | { | ||
228 | struct GNUNET_CRYPTO_PublicKey pkey; | ||
229 | |||
230 | // Ego, namestore_handle and cont must be set | ||
231 | if ((ego == NULL) || (namestore_handle == NULL) || (cont == NULL)) | ||
232 | return GNUNET_NO; | ||
233 | |||
234 | // Check if ego has EdDSA key | ||
235 | GNUNET_IDENTITY_ego_get_public_key ((struct GNUNET_IDENTITY_Ego *) ego, | ||
236 | &pkey); | ||
237 | if (ntohl (pkey.type) != GNUNET_GNSRECORD_TYPE_EDKEY) | ||
238 | { | ||
239 | printf ("The EGO has to have an EdDSA key pair\n"); | ||
240 | return GNUNET_NO; | ||
241 | } | ||
242 | |||
243 | struct DID_action_return *ret | ||
244 | = malloc (sizeof(struct DID_action_return)); | ||
245 | ret->cb = cont; | ||
246 | ret->cls = cls; | ||
247 | |||
248 | struct DID_create_namestore_lookup_closure *cls_name_store_lookup_cb | ||
249 | = malloc (sizeof(struct DID_create_namestore_lookup_closure)); | ||
250 | cls_name_store_lookup_cb->did_document = did_document; | ||
251 | cls_name_store_lookup_cb->expire_time = (*expire_time); | ||
252 | cls_name_store_lookup_cb->namestore_handle = namestore_handle; | ||
253 | cls_name_store_lookup_cb->ret = ret; | ||
254 | |||
255 | // Check if ego already has a DID Document | ||
256 | GNUNET_NAMESTORE_records_lookup (namestore_handle, | ||
257 | GNUNET_IDENTITY_ego_get_private_key (ego), | ||
258 | DID_DOCUMENT_LABEL, | ||
259 | NULL, | ||
260 | NULL, | ||
261 | DID_create_namestore_lookup_cb, | ||
262 | (void *) cls_name_store_lookup_cb); | ||
263 | |||
264 | return GNUNET_OK; | ||
265 | } | ||
diff --git a/src/reclaim/did_core.h b/src/reclaim/did_core.h deleted file mode 100644 index 842424e14..000000000 --- a/src/reclaim/did_core.h +++ /dev/null | |||
@@ -1,138 +0,0 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet | ||
3 | Copyright (C) 2010-2015 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software: you can redistribute it and/or modify it | ||
6 | under the terms of the GNU Affero General Public License as published | ||
7 | by the Free Software Foundation, either version 3 of the License, | ||
8 | or (at your option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | Affero General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU Affero General Public License | ||
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
17 | |||
18 | SPDX-License-Identifier: AGPL3.0-or-later | ||
19 | */ | ||
20 | |||
21 | /** | ||
22 | * @file reclaim/did_core.h | ||
23 | * @brief Core functionality for GNUNET Decentralized Identifier | ||
24 | * @author Tristan Schwieren | ||
25 | */ | ||
26 | |||
27 | #include "platform.h" | ||
28 | #include "gnunet_util_lib.h" | ||
29 | #include "gnunet_namestore_service.h" | ||
30 | #include "gnunet_gns_service.h" | ||
31 | #include "gnunet_gnsrecord_lib.h" | ||
32 | #include "gnunet_identity_service.h" | ||
33 | #include "did_helper.h" | ||
34 | #include "jansson.h" | ||
35 | |||
36 | // #define DID_DOCUMENT_LABEL GNUNET_GNS_EMPTY_LABEL_AT | ||
37 | #define DID_DOCUMENT_LABEL "didd" | ||
38 | #define DID_DOCUMENT_DEFAULT_EXPIRATION_TIME "365d" | ||
39 | |||
40 | /** | ||
41 | * @brief Signature of a callback function that is called after a did has been resolved. | ||
42 | * did_document contains an Error message if DID can not be resolved. | ||
43 | * Calls the given callback function with the resolved DID Document and the given closure. | ||
44 | * If the did can not be resolved did_document is NULL. | ||
45 | * @param status Equals GNUNET_OK if DID Docuemnt has been resolved | ||
46 | * @param did_document resolved DID Document | ||
47 | * @param cls previsouly given closure | ||
48 | */ | ||
49 | typedef void | ||
50 | DID_resolve_callback (enum GNUNET_GenericReturnValue status, char *did_document, void *cls); | ||
51 | |||
52 | /** | ||
53 | * @brief Signature of a callback function that is called after a did has been removed | ||
54 | * status = 0 if action was sucessfull | ||
55 | * status = 1 if action failed | ||
56 | * | ||
57 | * @param status status of the perfermormed action. | ||
58 | * @param cls previsouly given closure | ||
59 | */ | ||
60 | typedef void | ||
61 | DID_action_callback (enum GNUNET_GenericReturnValue status, void *cls); | ||
62 | |||
63 | |||
64 | /** | ||
65 | * @brief Resolve a DID. | ||
66 | * Calls the given callback function with the resolved DID Document and the given closure. | ||
67 | * If the did can not be resolved did_document is NULL. | ||
68 | * | ||
69 | * @param did DID that is resolved | ||
70 | * @param gns_handle pointer to gns handle. | ||
71 | * @param cont callback function | ||
72 | * @param cls closure | ||
73 | */ | ||
74 | enum GNUNET_GenericReturnValue | ||
75 | DID_resolve (const char *did, | ||
76 | struct GNUNET_GNS_Handle *gns_handle, | ||
77 | DID_resolve_callback *cont, | ||
78 | void *cls); | ||
79 | |||
80 | |||
81 | /** | ||
82 | * @brief Removes the DID Document from namestore. | ||
83 | * Ego is not removed. | ||
84 | * Calls the callback function with status and the given closure. | ||
85 | * | ||
86 | * @param ego ego which controlls the DID | ||
87 | * @param cfg_handle pointer to configuration handle | ||
88 | * @param namestore_handle pointer to namestore handle | ||
89 | * @param cont callback function | ||
90 | * @param cls closure | ||
91 | */ | ||
92 | enum GNUNET_GenericReturnValue | ||
93 | DID_remove (const struct GNUNET_IDENTITY_Ego *ego, | ||
94 | struct GNUNET_CONFIGURATION_Handle *cfg_handle, | ||
95 | struct GNUNET_NAMESTORE_Handle *namestore_handle, | ||
96 | DID_action_callback *cont, | ||
97 | void *cls); | ||
98 | |||
99 | |||
100 | /** | ||
101 | * @brief Creates a DID and saves DID Document in Namestore. | ||
102 | * | ||
103 | * @param ego ego for which the DID should be created. | ||
104 | * @param did_document did_document that should be saved in namestore. | ||
105 | * If did_document==NULL -> Default DID document is created. | ||
106 | * @param expire_time | ||
107 | * @param namestore_handle | ||
108 | * @param cont callback function | ||
109 | * @param cls closure | ||
110 | */ | ||
111 | enum GNUNET_GenericReturnValue | ||
112 | DID_create (const struct GNUNET_IDENTITY_Ego *ego, | ||
113 | const char *did_document, | ||
114 | const struct GNUNET_TIME_Relative *expire_time, | ||
115 | struct GNUNET_NAMESTORE_Handle *namestore_handle, | ||
116 | DID_action_callback *cont, | ||
117 | void *cls); | ||
118 | |||
119 | |||
120 | /** | ||
121 | * @brief Replace the DID Document of a DID. | ||
122 | * | ||
123 | * @param ego ego for which the DID Document should be replaced | ||
124 | * @param did_document new DID Document | ||
125 | * @param cfg_handle pointer to configuration handle | ||
126 | * @param identity_handle pointer to configuration handle | ||
127 | * @param namestore_handle pointer to namestore handle | ||
128 | * @param cont callback function | ||
129 | * @param cls closure | ||
130 | */ | ||
131 | enum GNUNET_GenericReturnValue | ||
132 | DID_replace (struct GNUNET_IDENTITY_Ego *ego, | ||
133 | char *did_document, | ||
134 | const struct GNUNET_CONFIGURATION_Handle *cfg_handle, | ||
135 | struct GNUNET_IDENTITY_Handle *identity_handle, | ||
136 | struct GNUNET_NAMESTORE_Handle *namestore_handle, | ||
137 | DID_action_callback *cont, | ||
138 | void *cls); | ||
diff --git a/src/reclaim/did_helper.c b/src/reclaim/did_helper.c deleted file mode 100644 index 3aac027ee..000000000 --- a/src/reclaim/did_helper.c +++ /dev/null | |||
@@ -1,203 +0,0 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet | ||
3 | Copyright (C) 2010-2015 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software: you can redistribute it and/or modify it | ||
6 | under the terms of the GNU Affero General Public License as published | ||
7 | by the Free Software Foundation, either version 3 of the License, | ||
8 | or (at your option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | Affero General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU Affero General Public License | ||
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
17 | |||
18 | SPDX-License-Identifier: AGPL3.0-or-later | ||
19 | */ | ||
20 | |||
21 | /** | ||
22 | * @file reclaim/did_helper.c | ||
23 | * @brief helper library for DID related functions | ||
24 | * @author Tristan Schwieren | ||
25 | */ | ||
26 | #include "platform.h" | ||
27 | #include "gnunet_util_lib.h" | ||
28 | #include "gnunet_namestore_service.h" | ||
29 | #include "gnunet_gns_service.h" | ||
30 | #include "gnunet_gnsrecord_lib.h" | ||
31 | #include "did_helper.h" | ||
32 | #include "jansson.h" | ||
33 | |||
34 | #define STR_INDIR(x) #x | ||
35 | #define STR(x) STR_INDIR (x) | ||
36 | |||
37 | /** | ||
38 | * @brief Generate a DID for a given GNUNET public key | ||
39 | * | ||
40 | * @param pkey | ||
41 | * @return char* Returns the DID. Caller must free | ||
42 | * TODO: Check if EdDSA | ||
43 | */ | ||
44 | char* | ||
45 | DID_pkey_to_did (struct GNUNET_CRYPTO_PublicKey *pkey) | ||
46 | { | ||
47 | char *pkey_str; | ||
48 | char *did_str; | ||
49 | |||
50 | pkey_str = GNUNET_CRYPTO_public_key_to_string (pkey); | ||
51 | GNUNET_asprintf (&did_str, "%s%s", | ||
52 | GNUNET_DID_METHOD_PREFIX, | ||
53 | pkey_str); | ||
54 | |||
55 | GNUNET_free (pkey_str); | ||
56 | return did_str; | ||
57 | } | ||
58 | |||
59 | /** | ||
60 | * @brief Generate a DID for a given gnunet EGO. | ||
61 | * Wrapper around GNUNET_DID_pkey_to_did | ||
62 | * | ||
63 | * @param ego | ||
64 | * @return char* Returns the DID. Caller must free | ||
65 | */ | ||
66 | char* | ||
67 | DID_identity_to_did (struct GNUNET_IDENTITY_Ego *ego) | ||
68 | { | ||
69 | struct GNUNET_CRYPTO_PublicKey pkey; | ||
70 | |||
71 | GNUNET_IDENTITY_ego_get_public_key (ego, &pkey); | ||
72 | return DID_pkey_to_did (&pkey); | ||
73 | } | ||
74 | |||
75 | /** | ||
76 | * @brief Return the public key of a DID | ||
77 | */ | ||
78 | enum GNUNET_GenericReturnValue | ||
79 | DID_did_to_pkey (const char *did, struct GNUNET_CRYPTO_PublicKey *pkey) | ||
80 | { | ||
81 | char pkey_str[MAX_DID_SPECIFIC_IDENTIFIER_LENGTH + 1]; /* 0-term */ | ||
82 | |||
83 | if ((1 != (sscanf (did, | ||
84 | GNUNET_DID_METHOD_PREFIX "%" | ||
85 | STR (MAX_DID_SPECIFIC_IDENTIFIER_LENGTH) | ||
86 | "s", pkey_str))) || | ||
87 | (GNUNET_OK != GNUNET_CRYPTO_public_key_from_string (pkey_str, pkey))) | ||
88 | { | ||
89 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "Could not decode given DID: %s\n", | ||
90 | did); | ||
91 | return GNUNET_NO; | ||
92 | } | ||
93 | |||
94 | return GNUNET_OK; | ||
95 | } | ||
96 | |||
97 | /** | ||
98 | * @brief Convert a base 64 encoded public key to a GNUNET key | ||
99 | */ | ||
100 | struct GNUNET_CRYPTO_PublicKey * | ||
101 | GNUNET_DID_key_convert_multibase_base64_to_gnunet (char *pkey_str) | ||
102 | { | ||
103 | return NULL; | ||
104 | } | ||
105 | |||
106 | /** | ||
107 | * @brief Convert GNUNET key to a base 64 encoded public key | ||
108 | */ | ||
109 | char * | ||
110 | DID_key_convert_gnunet_to_multibase_base64 (struct | ||
111 | GNUNET_CRYPTO_PublicKey * | ||
112 | pkey) | ||
113 | { | ||
114 | struct GNUNET_CRYPTO_EddsaPublicKey pubkey = pkey->eddsa_key; | ||
115 | |||
116 | // This is how to convert out pubkeys to W3c Ed25519-2020 multibase (base64url no padding) | ||
117 | char *pkey_base_64; | ||
118 | char *pkey_multibase; | ||
119 | char pkx[34]; | ||
120 | |||
121 | pkx[0] = 0xed; | ||
122 | pkx[1] = 0x01; | ||
123 | memcpy (pkx + 2, &pubkey, sizeof (pubkey)); | ||
124 | GNUNET_STRINGS_base64url_encode (pkx, sizeof (pkx), &pkey_base_64); | ||
125 | GNUNET_asprintf (&pkey_multibase, "u%s", pkey_base_64); | ||
126 | |||
127 | GNUNET_free (pkey_base_64); | ||
128 | return pkey_multibase; | ||
129 | } | ||
130 | |||
131 | /** | ||
132 | * @brief Create a did generate did object | ||
133 | * | ||
134 | * @param pkey | ||
135 | * @return void* Return pointer to the DID Document | ||
136 | */ | ||
137 | char * | ||
138 | DID_pkey_to_did_document (struct GNUNET_CRYPTO_PublicKey *pkey) | ||
139 | { | ||
140 | |||
141 | /* FIXME-MSC: This is effectively creating a DID Document default template for | ||
142 | * the initial document. | ||
143 | * Maybe this can be refactored to generate such a template for an identity? | ||
144 | * Even if higher layers add/modify it, there should probably still be a | ||
145 | * GNUNET_DID_document_template_from_identity() | ||
146 | */ | ||
147 | |||
148 | char *did_str; | ||
149 | char *verify_id_str; | ||
150 | char *pkey_multibase_str; | ||
151 | char *didd_str; | ||
152 | json_t *didd_json; | ||
153 | |||
154 | did_str = DID_pkey_to_did (pkey); | ||
155 | GNUNET_asprintf (&verify_id_str, "%s#key-1", did_str); | ||
156 | |||
157 | pkey_multibase_str = DID_key_convert_gnunet_to_multibase_base64 (pkey); | ||
158 | |||
159 | didd_json = json_pack ( | ||
160 | "{s:[ss], s:s, s:[{s:s, s:s, s:s, s:s}], s:[s], s:[s]}", | ||
161 | "@context", | ||
162 | "https://www.w3.org/ns/did/v1", | ||
163 | "https://w3id.org/security/suites/ed25519-2020/v1", | ||
164 | "id", | ||
165 | did_str, | ||
166 | "verificationMethod", | ||
167 | "id", | ||
168 | verify_id_str, | ||
169 | "type", | ||
170 | "Ed25519VerificationKey2020", | ||
171 | "controller", | ||
172 | did_str, | ||
173 | "publicKeyMultibase", | ||
174 | pkey_multibase_str, | ||
175 | "authentication", | ||
176 | "#key-1", | ||
177 | "assertionMethod", | ||
178 | "#key-1"); | ||
179 | |||
180 | // Encode DID Document as JSON string | ||
181 | didd_str = json_dumps (didd_json, JSON_INDENT (2)); | ||
182 | |||
183 | // Free | ||
184 | GNUNET_free (did_str); | ||
185 | GNUNET_free (verify_id_str); | ||
186 | GNUNET_free (pkey_multibase_str); | ||
187 | json_decref (didd_json); | ||
188 | |||
189 | return didd_str; | ||
190 | } | ||
191 | |||
192 | /** | ||
193 | * @brief Generate the default DID document for a GNUNET ego | ||
194 | * Wrapper around GNUNET_DID_pkey_to_did_document | ||
195 | */ | ||
196 | char * | ||
197 | DID_identity_to_did_document (struct GNUNET_IDENTITY_Ego *ego) | ||
198 | { | ||
199 | struct GNUNET_CRYPTO_PublicKey pkey; | ||
200 | |||
201 | GNUNET_IDENTITY_ego_get_public_key (ego, &pkey); | ||
202 | return DID_pkey_to_did (&pkey); | ||
203 | } \ No newline at end of file | ||
diff --git a/src/reclaim/did_helper.h b/src/reclaim/did_helper.h deleted file mode 100644 index d61992c68..000000000 --- a/src/reclaim/did_helper.h +++ /dev/null | |||
@@ -1,74 +0,0 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet | ||
3 | Copyright (C) 2010-2015 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software: you can redistribute it and/or modify it | ||
6 | under the terms of the GNU Affero General Public License as published | ||
7 | by the Free Software Foundation, either version 3 of the License, | ||
8 | or (at your option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | Affero General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU Affero General Public License | ||
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
17 | |||
18 | SPDX-License-Identifier: AGPL3.0-or-later | ||
19 | */ | ||
20 | |||
21 | /** | ||
22 | * @file reclaim/did_helper.h | ||
23 | * @brief helper library for DID related functions | ||
24 | * @author Tristan Schwieren | ||
25 | */ | ||
26 | |||
27 | #define GNUNET_DID_METHOD_PREFIX "did:gns:" | ||
28 | #define MAX_DID_SPECIFIC_IDENTIFIER_LENGTH 59 | ||
29 | |||
30 | /** | ||
31 | * @brief Return a DID for a given GNUNET public key | ||
32 | */ | ||
33 | char * | ||
34 | DID_pkey_to_did (struct GNUNET_CRYPTO_PublicKey *pkey); | ||
35 | |||
36 | /** | ||
37 | * @brief Generate a DID for a given gnunet EGO | ||
38 | * | ||
39 | * @param ego | ||
40 | * @return char * Returns the DID. Caller must free | ||
41 | */ | ||
42 | char * | ||
43 | DID_identity_to_did (struct GNUNET_IDENTITY_Ego *ego); | ||
44 | |||
45 | /** | ||
46 | * @brief Return the public key of a DID | ||
47 | */ | ||
48 | enum GNUNET_GenericReturnValue | ||
49 | DID_did_to_pkey (const char *did, struct GNUNET_CRYPTO_PublicKey *pkey); | ||
50 | |||
51 | // /** | ||
52 | // * @brief Convert a base 64 encoded public key to a GNUNET key | ||
53 | // */ | ||
54 | // struct GNUNET_CRYPTO_PublicKey * | ||
55 | // GNUNET_DID_key_convert_multibase_base64_to_gnunet(char *); | ||
56 | |||
57 | /** | ||
58 | * @brief Convert GNUNET key to a base 64 encoded public key | ||
59 | */ | ||
60 | char * | ||
61 | DID_key_convert_gnunet_to_multibase_base64 (struct | ||
62 | GNUNET_CRYPTO_PublicKey *); | ||
63 | |||
64 | /** | ||
65 | * @brief Generate the default DID document for a GNUNET public key | ||
66 | */ | ||
67 | char * | ||
68 | DID_pkey_to_did_document (struct GNUNET_CRYPTO_PublicKey *pkey); | ||
69 | |||
70 | /** | ||
71 | * @brief Generate the default DID document for a GNUNET ego | ||
72 | */ | ||
73 | char * | ||
74 | DID_identity_to_did_document (struct GNUNET_IDENTITY_Ego *ego); | ||
diff --git a/src/reclaim/did_misc.c b/src/reclaim/did_misc.c deleted file mode 100644 index 32b127b2b..000000000 --- a/src/reclaim/did_misc.c +++ /dev/null | |||
@@ -1,70 +0,0 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet. | ||
3 | Copyright (C) 2012-2022 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software: you can redistribute it and/or modify it | ||
6 | under the terms of the GNU Affero General Public License as published | ||
7 | by the Free Software Foundation, either version 3 of the License, | ||
8 | or (at your option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | Affero General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU Affero General Public License | ||
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
17 | |||
18 | SPDX-License-Identifier: AGPL3.0-or-later | ||
19 | */ | ||
20 | |||
21 | /** | ||
22 | * @author Martin Schanzenbach | ||
23 | * @file src/reclaim/did_misc.c | ||
24 | * @brief Helper functions for DIDs | ||
25 | * | ||
26 | */ | ||
27 | #include "platform.h" | ||
28 | #include "gnunet_util_lib.h" | ||
29 | #include "gnunet_identity_service.h" | ||
30 | #include "jansson.h" | ||
31 | #include "did.h" | ||
32 | |||
33 | char* | ||
34 | DID_ego_to_did (struct GNUNET_IDENTITY_Ego *ego) | ||
35 | { | ||
36 | struct GNUNET_CRYPTO_PublicKey pkey; // Get Public key | ||
37 | char *pkey_str; | ||
38 | char *did_str; | ||
39 | size_t pkey_len; | ||
40 | |||
41 | GNUNET_IDENTITY_ego_get_public_key (ego, &pkey); | ||
42 | |||
43 | pkey_str = GNUNET_CRYPTO_public_key_to_string (&pkey); | ||
44 | GNUNET_asprintf (&did_str, "%s%s", | ||
45 | GNUNET_RECLAIM_DID_METHOD_PREFIX, | ||
46 | pkey_str); | ||
47 | |||
48 | GNUNET_free (pkey_str); | ||
49 | return did_str; | ||
50 | } | ||
51 | |||
52 | enum GNUNET_GenericReturnValue | ||
53 | DID_public_key_from_did (const char* did, | ||
54 | struct GNUNET_CRYPTO_PublicKey *pk) | ||
55 | { | ||
56 | /* FIXME-MSC: I suggest introducing a | ||
57 | * #define MAX_DID_LENGTH <something> | ||
58 | * here and use it for parsing | ||
59 | */ | ||
60 | char pkey_str[59]; | ||
61 | |||
62 | if ((1 != (sscanf (did, GNUNET_RECLAIM_DID_METHOD_PREFIX"%58s", pkey_str))) || | ||
63 | (GNUNET_OK != GNUNET_CRYPTO_public_key_from_string (pkey_str, pk))) | ||
64 | { | ||
65 | return GNUNET_SYSERR; | ||
66 | } | ||
67 | return GNUNET_OK; | ||
68 | } | ||
69 | |||
70 | |||
diff --git a/src/reclaim/gnunet-did.c b/src/reclaim/gnunet-did.c deleted file mode 100644 index e88a3671e..000000000 --- a/src/reclaim/gnunet-did.c +++ /dev/null | |||
@@ -1,647 +0,0 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet. | ||
3 | Copyright (C) 2012-2022 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software: you can redistribute it and/or modify it | ||
6 | under the terms of the GNU Affero General Public License as published | ||
7 | by the Free Software Foundation, either version 3 of the License, | ||
8 | or (at your option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | Affero General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU Affero General Public License | ||
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
17 | |||
18 | SPDX-License-Identifier: AGPL3.0-or-later | ||
19 | */ | ||
20 | |||
21 | /** | ||
22 | * FIXME: Do we only want to handle EdDSA identities? | ||
23 | * TODO: Own GNS record type | ||
24 | * TODO: Fix overwrite of records in @ if present look for other with same sub | ||
25 | * TODO. Tests | ||
26 | * TODO: Move constants to did.h | ||
27 | * FIXME: Remove and lookup require differnt representations (did vs egoname) | ||
28 | */ | ||
29 | |||
30 | /** | ||
31 | * @author Tristan Schwieren | ||
32 | * @file src/did/gnunet-did.c | ||
33 | * @brief DID Method Wrapper | ||
34 | * | ||
35 | */ | ||
36 | #include "platform.h" | ||
37 | #include "gnunet_util_lib.h" | ||
38 | #include "gnunet_namestore_service.h" | ||
39 | #include "gnunet_identity_service.h" | ||
40 | #include "gnunet_gns_service.h" | ||
41 | #include "gnunet_gnsrecord_lib.h" | ||
42 | #include "did_helper.h" | ||
43 | #include "did_core.h" | ||
44 | #include "jansson.h" | ||
45 | |||
46 | #define GNUNET_DID_DEFAULT_DID_DOCUMENT_EXPIRATION_TIME "1d" | ||
47 | |||
48 | /** | ||
49 | * return value | ||
50 | */ | ||
51 | static int ret; | ||
52 | |||
53 | /** | ||
54 | * Replace DID Document Flag | ||
55 | */ | ||
56 | static int replace; | ||
57 | |||
58 | /** | ||
59 | * Remove DID Document Flag | ||
60 | */ | ||
61 | static int remove_did; | ||
62 | |||
63 | /** | ||
64 | * Get DID Documement for DID Flag | ||
65 | */ | ||
66 | static int get; | ||
67 | |||
68 | /** | ||
69 | * Create DID Document Flag | ||
70 | */ | ||
71 | static int create; | ||
72 | |||
73 | /** | ||
74 | * Show DID for Ego Flag | ||
75 | */ | ||
76 | static int show; | ||
77 | |||
78 | /** | ||
79 | * Show DID for Ego Flag | ||
80 | */ | ||
81 | static int show_all; | ||
82 | |||
83 | /** | ||
84 | * DID Attribut String | ||
85 | */ | ||
86 | static char *did; | ||
87 | |||
88 | /** | ||
89 | * DID Document Attribut String | ||
90 | */ | ||
91 | static char *didd; | ||
92 | |||
93 | /** | ||
94 | * Ego Attribut String | ||
95 | */ | ||
96 | static char *egoname; | ||
97 | |||
98 | /** | ||
99 | * DID Document expiration Date Attribut String | ||
100 | */ | ||
101 | static char *expire; | ||
102 | |||
103 | /* | ||
104 | * Handle to the GNS service | ||
105 | */ | ||
106 | static struct GNUNET_GNS_Handle *gns_handle; | ||
107 | |||
108 | /* | ||
109 | * Handle to the NAMESTORE service | ||
110 | */ | ||
111 | static struct GNUNET_NAMESTORE_Handle *namestore_handle; | ||
112 | |||
113 | /* | ||
114 | * Handle to the IDENTITY service | ||
115 | */ | ||
116 | static struct GNUNET_IDENTITY_Handle *identity_handle; | ||
117 | |||
118 | |||
119 | /* | ||
120 | * The configuration | ||
121 | */ | ||
122 | const static struct GNUNET_CONFIGURATION_Handle *my_cfg; | ||
123 | |||
124 | /** | ||
125 | * Give ego exists | ||
126 | */ | ||
127 | static int ego_exists = 0; | ||
128 | |||
129 | /** | ||
130 | * @brief Disconnect and shutdown | ||
131 | * @param cls closure | ||
132 | */ | ||
133 | static void | ||
134 | cleanup (void *cls) | ||
135 | { | ||
136 | if (NULL != gns_handle) | ||
137 | GNUNET_GNS_disconnect (gns_handle); | ||
138 | if (NULL != namestore_handle) | ||
139 | GNUNET_NAMESTORE_disconnect (namestore_handle); | ||
140 | if (NULL != identity_handle) | ||
141 | GNUNET_IDENTITY_disconnect (identity_handle); | ||
142 | |||
143 | GNUNET_free (did); | ||
144 | GNUNET_free (didd); | ||
145 | GNUNET_free (egoname); | ||
146 | GNUNET_free (expire); | ||
147 | |||
148 | GNUNET_SCHEDULER_shutdown (); | ||
149 | } | ||
150 | |||
151 | /** | ||
152 | * @brief GNS lookup callback. Prints the DID Document to standard out. | ||
153 | * Fails if there is more than one DID record. | ||
154 | * | ||
155 | * @param cls closure | ||
156 | * @param rd_count number of records in @a rd | ||
157 | * @param rd the records in the reply | ||
158 | */ | ||
159 | static void | ||
160 | print_did_document ( | ||
161 | enum GNUNET_GenericReturnValue status, | ||
162 | char *did_document, | ||
163 | void *cls | ||
164 | ) | ||
165 | { | ||
166 | if (GNUNET_OK == status) | ||
167 | printf ("%s\n", did_document); | ||
168 | else | ||
169 | printf ("An error occured: %s\n", did_document); | ||
170 | |||
171 | GNUNET_SCHEDULER_add_now (cleanup, NULL); | ||
172 | ret = 0; | ||
173 | return; | ||
174 | } | ||
175 | |||
176 | /** | ||
177 | * @brief Resolve a DID given by the user. | ||
178 | */ | ||
179 | static void | ||
180 | resolve_did () | ||
181 | { | ||
182 | |||
183 | if (did == NULL) | ||
184 | { | ||
185 | printf ("Set DID option to resolve DID\n"); | ||
186 | GNUNET_SCHEDULER_add_now (cleanup, NULL); | ||
187 | ret = 1; | ||
188 | return; | ||
189 | } | ||
190 | |||
191 | if (GNUNET_OK != DID_resolve (did, gns_handle, print_did_document, NULL)) | ||
192 | { | ||
193 | printf ("An error occured while resoling the DID\n"); | ||
194 | GNUNET_SCHEDULER_add_now (cleanup, NULL); | ||
195 | ret = 0; | ||
196 | return; | ||
197 | } | ||
198 | } | ||
199 | |||
200 | |||
201 | /** | ||
202 | * @brief Signature of a callback function that is called after a did has been removed | ||
203 | */ | ||
204 | typedef void | ||
205 | (*remove_did_document_callback) (void *cls); | ||
206 | |||
207 | /** | ||
208 | * @brief A Structure containing a cont and cls. Can be passed as a cls to a callback function | ||
209 | * | ||
210 | */ | ||
211 | struct Event | ||
212 | { | ||
213 | remove_did_document_callback cont; | ||
214 | void *cls; | ||
215 | }; | ||
216 | |||
217 | /** | ||
218 | * @brief Implements the GNUNET_NAMESTORE_ContinuationWithStatus | ||
219 | * Calls the callback function and cls in the event struct | ||
220 | * | ||
221 | * @param cls closure containing the event struct | ||
222 | * @param success | ||
223 | * @param emgs | ||
224 | */ | ||
225 | static void | ||
226 | remove_did_document_namestore_cb (void *cls, enum GNUNET_ErrorCode ec) | ||
227 | { | ||
228 | struct Event *event; | ||
229 | |||
230 | if (GNUNET_EC_NONE == ec) | ||
231 | { | ||
232 | event = (struct Event *) cls; | ||
233 | |||
234 | if (event->cont != NULL) | ||
235 | { | ||
236 | event->cont (event->cls); | ||
237 | free (event); | ||
238 | } | ||
239 | else { | ||
240 | free (event); | ||
241 | GNUNET_SCHEDULER_add_now (cleanup, NULL); | ||
242 | ret = 0; | ||
243 | return; | ||
244 | } | ||
245 | } | ||
246 | else { | ||
247 | printf ("Something went wrong when deleting the DID Document\n"); | ||
248 | |||
249 | printf ("%s\n", GNUNET_ErrorCode_get_hint (ec)); | ||
250 | |||
251 | GNUNET_SCHEDULER_add_now (cleanup, NULL); | ||
252 | ret = 0; | ||
253 | return; | ||
254 | } | ||
255 | } | ||
256 | |||
257 | /** | ||
258 | * @brief Callback called after the ego has been locked up | ||
259 | * | ||
260 | * @param cls closure | ||
261 | * @param ego the ego returned by the identity service | ||
262 | */ | ||
263 | static void | ||
264 | remove_did_document_ego_lookup_cb (void *cls, struct GNUNET_IDENTITY_Ego *ego) | ||
265 | { | ||
266 | const struct GNUNET_CRYPTO_PrivateKey *skey = | ||
267 | GNUNET_IDENTITY_ego_get_private_key (ego); | ||
268 | |||
269 | GNUNET_NAMESTORE_records_store (namestore_handle, | ||
270 | skey, | ||
271 | GNUNET_GNS_EMPTY_LABEL_AT, | ||
272 | 0, | ||
273 | NULL, | ||
274 | &remove_did_document_namestore_cb, | ||
275 | cls); | ||
276 | } | ||
277 | |||
278 | /** | ||
279 | * @brief Remove a DID Document | ||
280 | */ | ||
281 | static void | ||
282 | remove_did_document (remove_did_document_callback cont, void *cls) | ||
283 | { | ||
284 | struct Event *event; | ||
285 | |||
286 | if (egoname == NULL) | ||
287 | { | ||
288 | printf ("Remove requieres an ego option\n"); | ||
289 | GNUNET_SCHEDULER_add_now (cleanup, NULL); | ||
290 | ret = 1; | ||
291 | return; | ||
292 | } | ||
293 | else { | ||
294 | event = malloc (sizeof(*event)); | ||
295 | event->cont = cont; | ||
296 | event->cls = cls; | ||
297 | |||
298 | GNUNET_IDENTITY_ego_lookup (my_cfg, | ||
299 | egoname, | ||
300 | &remove_did_document_ego_lookup_cb, | ||
301 | (void *) event); | ||
302 | } | ||
303 | } | ||
304 | |||
305 | // Needed because create_did_ego_lookup_cb() and | ||
306 | // create_did_ego_create_cb() can call each other | ||
307 | static void create_did_ego_lockup_cb (); | ||
308 | |||
309 | /** | ||
310 | * @brief Create a DID(-Document). Called after DID has been created | ||
311 | * Prints status and the DID. | ||
312 | * | ||
313 | */ | ||
314 | static void | ||
315 | create_did_cb (enum GNUNET_GenericReturnValue status, void *cls) | ||
316 | { | ||
317 | if (GNUNET_OK == status) | ||
318 | { | ||
319 | printf ("DID has been created.\n%s\n", (char *) cls); | ||
320 | free (cls); | ||
321 | ret = 0; | ||
322 | } | ||
323 | else | ||
324 | { | ||
325 | printf ("An error occured while creating the DID.\n"); | ||
326 | ret = 1; | ||
327 | } | ||
328 | |||
329 | GNUNET_SCHEDULER_add_now (&cleanup, NULL); | ||
330 | return; | ||
331 | } | ||
332 | |||
333 | /** | ||
334 | * @brief Create a DID(-Document) - Called after a new Identity has been created. | ||
335 | */ | ||
336 | static void | ||
337 | create_did_ego_create_cb (void *cls, | ||
338 | const struct GNUNET_CRYPTO_PrivateKey *pk, | ||
339 | enum GNUNET_ErrorCode ec) | ||
340 | { | ||
341 | if (GNUNET_EC_NONE != ec) | ||
342 | { | ||
343 | printf ("%s\n", GNUNET_ErrorCode_get_hint (ec)); | ||
344 | GNUNET_SCHEDULER_add_now (&cleanup, NULL); | ||
345 | ret = 1; | ||
346 | return; | ||
347 | } | ||
348 | |||
349 | GNUNET_IDENTITY_ego_lookup (my_cfg, | ||
350 | egoname, | ||
351 | &create_did_ego_lockup_cb, | ||
352 | NULL); | ||
353 | } | ||
354 | |||
355 | /** | ||
356 | * @brief Create a DID(-Document). Called after ego lookup | ||
357 | * | ||
358 | */ | ||
359 | static void | ||
360 | create_did_ego_lockup_cb (void *cls, struct GNUNET_IDENTITY_Ego *ego) | ||
361 | { | ||
362 | if (ego == NULL) | ||
363 | { | ||
364 | // If Ego was not found. Create new one first | ||
365 | printf ("Ego was not found. Creating new one.\n"); | ||
366 | GNUNET_IDENTITY_create (identity_handle, | ||
367 | egoname, | ||
368 | NULL, | ||
369 | GNUNET_PUBLIC_KEY_TYPE_EDDSA, | ||
370 | &create_did_ego_create_cb, | ||
371 | egoname); | ||
372 | } | ||
373 | else | ||
374 | { | ||
375 | char *did = DID_identity_to_did (ego); | ||
376 | void *cls = malloc (strlen (did) + 1); | ||
377 | struct GNUNET_TIME_Relative expire_relative; | ||
378 | |||
379 | if (expire == NULL) | ||
380 | { | ||
381 | GNUNET_STRINGS_fancy_time_to_relative ( | ||
382 | DID_DOCUMENT_DEFAULT_EXPIRATION_TIME, &expire_relative); | ||
383 | } | ||
384 | else if (GNUNET_OK != GNUNET_STRINGS_fancy_time_to_relative (expire, | ||
385 | & | ||
386 | expire_relative)) | ||
387 | { | ||
388 | printf ("Failed to read given expiration time\n"); | ||
389 | GNUNET_SCHEDULER_add_now (cleanup, NULL); | ||
390 | ret = 1; | ||
391 | return; | ||
392 | } | ||
393 | |||
394 | strcpy (cls, did); | ||
395 | // TODO: Add DID_document argument | ||
396 | if (GNUNET_OK != DID_create (ego, | ||
397 | NULL, | ||
398 | &expire_relative, | ||
399 | namestore_handle, | ||
400 | create_did_cb, | ||
401 | cls)) | ||
402 | { | ||
403 | printf ("An error occured while creating the DID.\n"); | ||
404 | ret = 1; | ||
405 | GNUNET_SCHEDULER_add_now (&cleanup, NULL); | ||
406 | return; | ||
407 | } | ||
408 | } | ||
409 | } | ||
410 | |||
411 | /** | ||
412 | * @brief Create a DID(-Document). | ||
413 | * | ||
414 | */ | ||
415 | static void | ||
416 | create_did () | ||
417 | { | ||
418 | // Ego name to be set | ||
419 | if (egoname == NULL) | ||
420 | { | ||
421 | printf ("Set the Ego argument to create a new DID(-Document)\n"); | ||
422 | GNUNET_SCHEDULER_add_now (&cleanup, NULL); | ||
423 | ret = 1; | ||
424 | return; | ||
425 | } | ||
426 | |||
427 | GNUNET_IDENTITY_ego_lookup (my_cfg, | ||
428 | egoname, | ||
429 | &create_did_ego_lockup_cb, | ||
430 | NULL); | ||
431 | } | ||
432 | |||
433 | |||
434 | /** | ||
435 | * @brief Replace a DID Docuemnt. Callback function after ego lockup | ||
436 | * | ||
437 | * @param cls | ||
438 | * @param ego | ||
439 | */ | ||
440 | static void | ||
441 | replace_did_document_ego_lookup_cb (void *cls, struct GNUNET_IDENTITY_Ego *ego) | ||
442 | { | ||
443 | // create_did_store (didd, ego); | ||
444 | } | ||
445 | |||
446 | /** | ||
447 | * @brief Replace a DID Document. Callback functiona after remove | ||
448 | * | ||
449 | * @param cls | ||
450 | */ | ||
451 | static void | ||
452 | replace_did_document_remove_cb (void *cls) | ||
453 | { | ||
454 | GNUNET_IDENTITY_ego_lookup (my_cfg, | ||
455 | egoname, | ||
456 | &replace_did_document_ego_lookup_cb, | ||
457 | NULL); | ||
458 | } | ||
459 | |||
460 | /** | ||
461 | * @brief Replace a DID Docuemnt | ||
462 | * | ||
463 | */ | ||
464 | static void | ||
465 | replace_did_document () | ||
466 | { | ||
467 | if ((didd != NULL) && (expire != NULL)) | ||
468 | { | ||
469 | remove_did_document (&replace_did_document_remove_cb, NULL); | ||
470 | } | ||
471 | else { | ||
472 | printf ( | ||
473 | "Set the DID Document and expiration time argument to replace the DID Document\n"); | ||
474 | GNUNET_SCHEDULER_add_now (&cleanup, NULL); | ||
475 | ret = 1; | ||
476 | return; | ||
477 | } | ||
478 | } | ||
479 | |||
480 | static void | ||
481 | post_ego_iteration (void *cls) | ||
482 | { | ||
483 | // TODO: Check that only one argument is set | ||
484 | |||
485 | if (1 == replace) | ||
486 | { | ||
487 | replace_did_document (); | ||
488 | } | ||
489 | else if (1 == get) | ||
490 | { | ||
491 | resolve_did (); | ||
492 | } | ||
493 | else if (1 == remove_did) | ||
494 | { | ||
495 | remove_did_document (NULL, NULL); | ||
496 | } | ||
497 | else if (1 == create) | ||
498 | { | ||
499 | create_did (); | ||
500 | } | ||
501 | else { | ||
502 | // No Argument found | ||
503 | GNUNET_SCHEDULER_add_now (&cleanup, NULL); | ||
504 | return; | ||
505 | } | ||
506 | } | ||
507 | |||
508 | static void | ||
509 | process_dids (void *cls, struct GNUNET_IDENTITY_Ego *ego, | ||
510 | void **ctx, const char*name) | ||
511 | { | ||
512 | char *did_str; | ||
513 | |||
514 | if (ego == NULL) | ||
515 | { | ||
516 | if (1 == ego_exists) | ||
517 | { | ||
518 | GNUNET_SCHEDULER_add_now (&cleanup, NULL); | ||
519 | return; | ||
520 | } | ||
521 | GNUNET_SCHEDULER_add_now (&post_ego_iteration, NULL); | ||
522 | return; | ||
523 | } | ||
524 | |||
525 | if (1 == show_all) | ||
526 | { | ||
527 | did_str = DID_identity_to_did (ego); | ||
528 | printf ("%s:\n\t%s\n", name, did_str); | ||
529 | GNUNET_free (did_str); | ||
530 | return; | ||
531 | } | ||
532 | if (1 == show) | ||
533 | { | ||
534 | if (0 == strncmp (name, egoname, strlen (egoname))) | ||
535 | { | ||
536 | did_str = DID_identity_to_did (ego); | ||
537 | printf ("%s:\n\t%s\n", name, did_str); | ||
538 | GNUNET_free (did_str); | ||
539 | return; | ||
540 | } | ||
541 | } | ||
542 | } | ||
543 | |||
544 | |||
545 | |||
546 | static void | ||
547 | run (void *cls, | ||
548 | char *const *args, | ||
549 | const char *cfgfile, | ||
550 | const struct GNUNET_CONFIGURATION_Handle *c) | ||
551 | { | ||
552 | gns_handle = GNUNET_GNS_connect (c); | ||
553 | namestore_handle = GNUNET_NAMESTORE_connect (c); | ||
554 | my_cfg = c; | ||
555 | |||
556 | // check if GNS_handle could connect | ||
557 | if (gns_handle == NULL) | ||
558 | { | ||
559 | ret = 1; | ||
560 | return; | ||
561 | } | ||
562 | |||
563 | // check if NAMESTORE_handle could connect | ||
564 | if (namestore_handle == NULL) | ||
565 | { | ||
566 | GNUNET_SCHEDULER_add_now (&cleanup, NULL); | ||
567 | ret = 1; | ||
568 | return; | ||
569 | } | ||
570 | |||
571 | identity_handle = GNUNET_IDENTITY_connect (c, &process_dids, NULL); | ||
572 | if (identity_handle == NULL) | ||
573 | { | ||
574 | GNUNET_SCHEDULER_add_now (&cleanup, NULL); | ||
575 | ret = 1; | ||
576 | return; | ||
577 | } | ||
578 | } | ||
579 | |||
580 | int | ||
581 | main (int argc, char *const argv[]) | ||
582 | { | ||
583 | struct GNUNET_GETOPT_CommandLineOption options[] = { | ||
584 | GNUNET_GETOPT_option_flag ('C', | ||
585 | "create", | ||
586 | gettext_noop ( | ||
587 | "Create a DID Document and display its DID"), | ||
588 | &create), | ||
589 | GNUNET_GETOPT_option_flag ('g', | ||
590 | "get", | ||
591 | gettext_noop ( | ||
592 | "Get the DID Document associated with the given DID"), | ||
593 | &get), | ||
594 | GNUNET_GETOPT_option_flag ('r', | ||
595 | "remove", | ||
596 | gettext_noop ( | ||
597 | "Remove the DID"), | ||
598 | &remove_did), | ||
599 | GNUNET_GETOPT_option_flag ('R', | ||
600 | "replace", | ||
601 | gettext_noop ("Replace the DID Document."), | ||
602 | &replace), | ||
603 | GNUNET_GETOPT_option_flag ('s', | ||
604 | "show", | ||
605 | gettext_noop ("Show the DID for a given ego"), | ||
606 | &show), | ||
607 | GNUNET_GETOPT_option_flag ('A', | ||
608 | "show-all", | ||
609 | gettext_noop ("Show egos with DIDs"), | ||
610 | &show_all), | ||
611 | GNUNET_GETOPT_option_string ('d', | ||
612 | "did", | ||
613 | "DID", | ||
614 | gettext_noop ( | ||
615 | "The Decentralized Identity (DID)"), | ||
616 | &did), | ||
617 | GNUNET_GETOPT_option_string ('D', | ||
618 | "did-document", | ||
619 | "JSON", | ||
620 | gettext_noop ( | ||
621 | "The DID Document to store in GNUNET"), | ||
622 | &didd), | ||
623 | GNUNET_GETOPT_option_string ('e', | ||
624 | "ego", | ||
625 | "EGO", | ||
626 | gettext_noop ("The name of the EGO"), | ||
627 | &egoname), | ||
628 | GNUNET_GETOPT_option_string ('t', | ||
629 | "expiration-time", | ||
630 | "TIME", | ||
631 | gettext_noop ( | ||
632 | "The time until the DID Document is going to expire (e.g. 5d)"), | ||
633 | &expire), | ||
634 | GNUNET_GETOPT_OPTION_END | ||
635 | }; | ||
636 | |||
637 | if (GNUNET_OK != GNUNET_PROGRAM_run (argc, | ||
638 | argv, | ||
639 | "gnunet-did", | ||
640 | "Manage Decentralized Identities (DIDs)", | ||
641 | options, | ||
642 | &run, | ||
643 | NULL)) | ||
644 | return 1; | ||
645 | else | ||
646 | return ret; | ||
647 | } | ||
diff --git a/src/reclaim/gnunet-reclaim.c b/src/reclaim/gnunet-reclaim.c deleted file mode 100644 index efb2c2902..000000000 --- a/src/reclaim/gnunet-reclaim.c +++ /dev/null | |||
@@ -1,928 +0,0 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet. | ||
3 | Copyright (C) 2012-2015 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software: you can redistribute it and/or modify it | ||
6 | under the terms of the GNU Affero General Public License as published | ||
7 | by the Free Software Foundation, either version 3 of the License, | ||
8 | or (at your option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | Affero General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU Affero General Public License | ||
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
17 | |||
18 | SPDX-License-Identifier: AGPL3.0-or-later | ||
19 | */ | ||
20 | /** | ||
21 | * @author Martin Schanzenbach | ||
22 | * @file src/reclaim/gnunet-reclaim.c | ||
23 | * @brief Identity Provider utility | ||
24 | * | ||
25 | */ | ||
26 | #include "platform.h" | ||
27 | #include <inttypes.h> | ||
28 | |||
29 | #include "gnunet_util_lib.h" | ||
30 | |||
31 | #include "gnunet_identity_service.h" | ||
32 | #include "gnunet_namestore_service.h" | ||
33 | #include "gnunet_reclaim_service.h" | ||
34 | #include "gnunet_signatures.h" | ||
35 | /** | ||
36 | * return value | ||
37 | */ | ||
38 | static int ret; | ||
39 | |||
40 | /** | ||
41 | * List attribute flag | ||
42 | */ | ||
43 | static int list; | ||
44 | |||
45 | /** | ||
46 | * List credentials flag | ||
47 | */ | ||
48 | static int list_credentials; | ||
49 | |||
50 | /** | ||
51 | * Credential ID string | ||
52 | */ | ||
53 | static char *credential_id; | ||
54 | |||
55 | /** | ||
56 | * Credential ID | ||
57 | */ | ||
58 | static struct GNUNET_RECLAIM_Identifier credential; | ||
59 | |||
60 | /** | ||
61 | * Credential name | ||
62 | */ | ||
63 | static char *credential_name; | ||
64 | |||
65 | /** | ||
66 | * Credential type | ||
67 | */ | ||
68 | static char *credential_type; | ||
69 | |||
70 | /** | ||
71 | * Credential exists | ||
72 | */ | ||
73 | static int credential_exists; | ||
74 | |||
75 | /** | ||
76 | * Relying party | ||
77 | */ | ||
78 | static char *rp; | ||
79 | |||
80 | /** | ||
81 | * The attribute | ||
82 | */ | ||
83 | static char *attr_name; | ||
84 | |||
85 | /** | ||
86 | * Attribute value | ||
87 | */ | ||
88 | static char *attr_value; | ||
89 | |||
90 | /** | ||
91 | * Attributes to issue | ||
92 | */ | ||
93 | static char *issue_attrs; | ||
94 | |||
95 | /** | ||
96 | * Ticket to consume | ||
97 | */ | ||
98 | static char *consume_ticket; | ||
99 | |||
100 | /** | ||
101 | * Attribute type | ||
102 | */ | ||
103 | static char *type_str; | ||
104 | |||
105 | /** | ||
106 | * Ticket to revoke | ||
107 | */ | ||
108 | static char *revoke_ticket; | ||
109 | |||
110 | /** | ||
111 | * Ticket listing | ||
112 | */ | ||
113 | static int list_tickets; | ||
114 | |||
115 | /** | ||
116 | * Ego name | ||
117 | */ | ||
118 | static char *ego_name; | ||
119 | |||
120 | /** | ||
121 | * Identity handle | ||
122 | */ | ||
123 | static struct GNUNET_IDENTITY_Handle *identity_handle; | ||
124 | |||
125 | /** | ||
126 | * reclaim handle | ||
127 | */ | ||
128 | static struct GNUNET_RECLAIM_Handle *reclaim_handle; | ||
129 | |||
130 | /** | ||
131 | * reclaim operation | ||
132 | */ | ||
133 | static struct GNUNET_RECLAIM_Operation *reclaim_op; | ||
134 | |||
135 | /** | ||
136 | * Attribute iterator | ||
137 | */ | ||
138 | static struct GNUNET_RECLAIM_AttributeIterator *attr_iterator; | ||
139 | |||
140 | /** | ||
141 | * Credential iterator | ||
142 | */ | ||
143 | static struct GNUNET_RECLAIM_CredentialIterator *cred_iterator; | ||
144 | |||
145 | |||
146 | /** | ||
147 | * Ticket iterator | ||
148 | */ | ||
149 | static struct GNUNET_RECLAIM_TicketIterator *ticket_iterator; | ||
150 | |||
151 | |||
152 | /** | ||
153 | * ego private key | ||
154 | */ | ||
155 | static const struct GNUNET_CRYPTO_PrivateKey *pkey; | ||
156 | |||
157 | /** | ||
158 | * rp public key | ||
159 | */ | ||
160 | static struct GNUNET_CRYPTO_PublicKey rp_key; | ||
161 | |||
162 | /** | ||
163 | * Ticket to consume | ||
164 | */ | ||
165 | static struct GNUNET_RECLAIM_Ticket ticket; | ||
166 | |||
167 | /** | ||
168 | * Attribute list | ||
169 | */ | ||
170 | static struct GNUNET_RECLAIM_AttributeList *attr_list; | ||
171 | |||
172 | /** | ||
173 | * Attribute expiration interval | ||
174 | */ | ||
175 | static struct GNUNET_TIME_Relative exp_interval; | ||
176 | |||
177 | /** | ||
178 | * Timeout task | ||
179 | */ | ||
180 | static struct GNUNET_SCHEDULER_Task *timeout; | ||
181 | |||
182 | /** | ||
183 | * Cleanup task | ||
184 | */ | ||
185 | static struct GNUNET_SCHEDULER_Task *cleanup_task; | ||
186 | |||
187 | /** | ||
188 | * Claim to store | ||
189 | */ | ||
190 | struct GNUNET_RECLAIM_Attribute *claim; | ||
191 | |||
192 | /** | ||
193 | * Claim to delete | ||
194 | */ | ||
195 | static char *attr_delete; | ||
196 | |||
197 | /** | ||
198 | * Claim object to delete | ||
199 | */ | ||
200 | static struct GNUNET_RECLAIM_Attribute *attr_to_delete; | ||
201 | |||
202 | static void | ||
203 | do_cleanup (void *cls) | ||
204 | { | ||
205 | cleanup_task = NULL; | ||
206 | if (NULL != timeout) | ||
207 | GNUNET_SCHEDULER_cancel (timeout); | ||
208 | if (NULL != reclaim_op) | ||
209 | GNUNET_RECLAIM_cancel (reclaim_op); | ||
210 | if (NULL != attr_iterator) | ||
211 | GNUNET_RECLAIM_get_attributes_stop (attr_iterator); | ||
212 | if (NULL != cred_iterator) | ||
213 | GNUNET_RECLAIM_get_credentials_stop (cred_iterator); | ||
214 | if (NULL != ticket_iterator) | ||
215 | GNUNET_RECLAIM_ticket_iteration_stop (ticket_iterator); | ||
216 | if (NULL != reclaim_handle) | ||
217 | GNUNET_RECLAIM_disconnect (reclaim_handle); | ||
218 | if (NULL != identity_handle) | ||
219 | GNUNET_IDENTITY_disconnect (identity_handle); | ||
220 | if (NULL != attr_list) | ||
221 | { | ||
222 | GNUNET_RECLAIM_attribute_list_destroy (attr_list); | ||
223 | attr_list = NULL; | ||
224 | } | ||
225 | if (NULL != attr_to_delete) | ||
226 | GNUNET_free (attr_to_delete); | ||
227 | if (NULL == credential_type) | ||
228 | GNUNET_free (credential_type); | ||
229 | } | ||
230 | |||
231 | |||
232 | static void | ||
233 | ticket_issue_cb (void *cls, | ||
234 | const struct GNUNET_RECLAIM_Ticket *ticket, | ||
235 | const struct GNUNET_RECLAIM_PresentationList *presentations) | ||
236 | { | ||
237 | char *ticket_str; | ||
238 | |||
239 | reclaim_op = NULL; | ||
240 | if (NULL != ticket) | ||
241 | { | ||
242 | ticket_str = | ||
243 | GNUNET_STRINGS_data_to_string_alloc (ticket, | ||
244 | sizeof( | ||
245 | struct GNUNET_RECLAIM_Ticket)); | ||
246 | printf ("%s\n", ticket_str); | ||
247 | GNUNET_free (ticket_str); | ||
248 | } | ||
249 | cleanup_task = GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); | ||
250 | } | ||
251 | |||
252 | |||
253 | static void | ||
254 | store_cont (void *cls, int32_t success, const char *emsg) | ||
255 | { | ||
256 | reclaim_op = NULL; | ||
257 | if (GNUNET_SYSERR == success) | ||
258 | { | ||
259 | fprintf (stderr, "%s\n", emsg); | ||
260 | } | ||
261 | cleanup_task = GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); | ||
262 | } | ||
263 | |||
264 | |||
265 | static void | ||
266 | process_attrs (void *cls, | ||
267 | const struct GNUNET_CRYPTO_PublicKey *identity, | ||
268 | const struct GNUNET_RECLAIM_Attribute *attr, | ||
269 | const struct GNUNET_RECLAIM_Presentation *presentation) | ||
270 | { | ||
271 | char *value_str; | ||
272 | char *id; | ||
273 | const char *attr_type; | ||
274 | |||
275 | if (NULL == identity) | ||
276 | { | ||
277 | reclaim_op = NULL; | ||
278 | cleanup_task = GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); | ||
279 | return; | ||
280 | } | ||
281 | if (NULL == attr) | ||
282 | { | ||
283 | ret = 1; | ||
284 | return; | ||
285 | } | ||
286 | attr_type = GNUNET_RECLAIM_attribute_number_to_typename (attr->type); | ||
287 | id = GNUNET_STRINGS_data_to_string_alloc (&attr->id, sizeof(attr->id)); | ||
288 | value_str = NULL; | ||
289 | if (NULL == presentation) | ||
290 | { | ||
291 | value_str = GNUNET_RECLAIM_attribute_value_to_string (attr->type, | ||
292 | attr->data, | ||
293 | attr->data_size); | ||
294 | } | ||
295 | else | ||
296 | { | ||
297 | struct GNUNET_RECLAIM_AttributeListEntry *ale; | ||
298 | struct GNUNET_RECLAIM_AttributeList *al | ||
299 | = GNUNET_RECLAIM_presentation_get_attributes (presentation); | ||
300 | |||
301 | for (ale = al->list_head; NULL != ale; ale = ale->next) | ||
302 | { | ||
303 | if (0 != strncmp (attr->data, ale->attribute->name, attr->data_size)) | ||
304 | continue; | ||
305 | value_str | ||
306 | = GNUNET_RECLAIM_attribute_value_to_string (ale->attribute->type, | ||
307 | ale->attribute->data, | ||
308 | ale->attribute->data_size); | ||
309 | break; | ||
310 | } | ||
311 | } | ||
312 | fprintf (stdout, | ||
313 | "Name: %s; Value: %s (%s); Flag %u; ID: %s %s\n", | ||
314 | attr->name, | ||
315 | (NULL != value_str) ? value_str : "???", | ||
316 | attr_type, | ||
317 | attr->flag, | ||
318 | id, | ||
319 | (NULL == presentation) ? "" : "(ATTESTED)"); | ||
320 | GNUNET_free (value_str); | ||
321 | GNUNET_free (id); | ||
322 | } | ||
323 | |||
324 | |||
325 | static void | ||
326 | ticket_iter_err (void *cls) | ||
327 | { | ||
328 | ticket_iterator = NULL; | ||
329 | fprintf (stderr, "Failed to iterate over tickets\n"); | ||
330 | cleanup_task = GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); | ||
331 | } | ||
332 | |||
333 | |||
334 | static void | ||
335 | ticket_iter_fin (void *cls) | ||
336 | { | ||
337 | ticket_iterator = NULL; | ||
338 | cleanup_task = GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); | ||
339 | } | ||
340 | |||
341 | |||
342 | static void | ||
343 | ticket_iter (void *cls, const struct GNUNET_RECLAIM_Ticket *ticket) | ||
344 | { | ||
345 | char *aud; | ||
346 | char *ref; | ||
347 | char *tkt; | ||
348 | |||
349 | aud = | ||
350 | GNUNET_STRINGS_data_to_string_alloc (&ticket->audience, | ||
351 | sizeof(struct | ||
352 | GNUNET_CRYPTO_PublicKey)); | ||
353 | ref = GNUNET_STRINGS_data_to_string_alloc (&ticket->rnd, sizeof(ticket->rnd)); | ||
354 | tkt = | ||
355 | GNUNET_STRINGS_data_to_string_alloc (ticket, | ||
356 | sizeof(struct GNUNET_RECLAIM_Ticket)); | ||
357 | fprintf (stdout, "Ticket: %s | ID: %s | Audience: %s\n", tkt, ref, aud); | ||
358 | GNUNET_free (aud); | ||
359 | GNUNET_free (ref); | ||
360 | GNUNET_free (tkt); | ||
361 | GNUNET_RECLAIM_ticket_iteration_next (ticket_iterator); | ||
362 | } | ||
363 | |||
364 | |||
365 | static void | ||
366 | iter_error (void *cls) | ||
367 | { | ||
368 | attr_iterator = NULL; | ||
369 | cred_iterator = NULL; | ||
370 | fprintf (stderr, "Failed\n"); | ||
371 | |||
372 | cleanup_task = GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); | ||
373 | } | ||
374 | |||
375 | |||
376 | static void | ||
377 | timeout_task (void *cls) | ||
378 | { | ||
379 | timeout = NULL; | ||
380 | ret = 1; | ||
381 | fprintf (stderr, "Timeout\n"); | ||
382 | if (NULL == cleanup_task) | ||
383 | cleanup_task = GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); | ||
384 | } | ||
385 | |||
386 | |||
387 | static void | ||
388 | process_rvk (void *cls, int success, const char *msg) | ||
389 | { | ||
390 | reclaim_op = NULL; | ||
391 | if (GNUNET_OK != success) | ||
392 | { | ||
393 | fprintf (stderr, "Revocation failed.\n"); | ||
394 | ret = 1; | ||
395 | } | ||
396 | cleanup_task = GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); | ||
397 | } | ||
398 | |||
399 | |||
400 | static void | ||
401 | process_delete (void *cls, int success, const char *msg) | ||
402 | { | ||
403 | reclaim_op = NULL; | ||
404 | if (GNUNET_OK != success) | ||
405 | { | ||
406 | fprintf (stderr, "Deletion failed.\n"); | ||
407 | ret = 1; | ||
408 | } | ||
409 | cleanup_task = GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); | ||
410 | } | ||
411 | |||
412 | |||
413 | static void | ||
414 | iter_finished (void *cls) | ||
415 | { | ||
416 | char *data; | ||
417 | size_t data_size; | ||
418 | int type; | ||
419 | |||
420 | attr_iterator = NULL; | ||
421 | if (list) | ||
422 | { | ||
423 | cleanup_task = GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); | ||
424 | return; | ||
425 | } | ||
426 | |||
427 | if (issue_attrs) | ||
428 | { | ||
429 | reclaim_op = GNUNET_RECLAIM_ticket_issue (reclaim_handle, | ||
430 | pkey, | ||
431 | &rp_key, | ||
432 | attr_list, | ||
433 | &ticket_issue_cb, | ||
434 | NULL); | ||
435 | return; | ||
436 | } | ||
437 | if (consume_ticket) | ||
438 | { | ||
439 | reclaim_op = GNUNET_RECLAIM_ticket_consume (reclaim_handle, | ||
440 | pkey, | ||
441 | &ticket, | ||
442 | &process_attrs, | ||
443 | NULL); | ||
444 | timeout = GNUNET_SCHEDULER_add_delayed ( | ||
445 | GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 10), | ||
446 | &timeout_task, | ||
447 | NULL); | ||
448 | return; | ||
449 | } | ||
450 | if (revoke_ticket) | ||
451 | { | ||
452 | reclaim_op = GNUNET_RECLAIM_ticket_revoke (reclaim_handle, | ||
453 | pkey, | ||
454 | &ticket, | ||
455 | &process_rvk, | ||
456 | NULL); | ||
457 | return; | ||
458 | } | ||
459 | if (attr_delete) | ||
460 | { | ||
461 | if (NULL == attr_to_delete) | ||
462 | { | ||
463 | fprintf (stdout, "No such attribute ``%s''\n", attr_delete); | ||
464 | GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); | ||
465 | return; | ||
466 | } | ||
467 | reclaim_op = GNUNET_RECLAIM_attribute_delete (reclaim_handle, | ||
468 | pkey, | ||
469 | attr_to_delete, | ||
470 | &process_delete, | ||
471 | NULL); | ||
472 | return; | ||
473 | } | ||
474 | if (attr_name) | ||
475 | { | ||
476 | if (NULL == type_str) | ||
477 | type = GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING; | ||
478 | else | ||
479 | type = GNUNET_RECLAIM_attribute_typename_to_number (type_str); | ||
480 | |||
481 | GNUNET_assert (GNUNET_SYSERR != | ||
482 | GNUNET_RECLAIM_attribute_string_to_value (type, | ||
483 | attr_value, | ||
484 | (void **) &data, | ||
485 | &data_size)); | ||
486 | if (NULL != claim) | ||
487 | { | ||
488 | claim->type = type; | ||
489 | claim->data = data; | ||
490 | claim->data_size = data_size; | ||
491 | } | ||
492 | else | ||
493 | { | ||
494 | claim = | ||
495 | GNUNET_RECLAIM_attribute_new (attr_name, NULL, type, data, data_size); | ||
496 | } | ||
497 | if (NULL != credential_id) | ||
498 | { | ||
499 | claim->credential = credential; | ||
500 | } | ||
501 | reclaim_op = GNUNET_RECLAIM_attribute_store (reclaim_handle, | ||
502 | pkey, | ||
503 | claim, | ||
504 | &exp_interval, | ||
505 | &store_cont, | ||
506 | NULL); | ||
507 | GNUNET_free (data); | ||
508 | GNUNET_free (claim); | ||
509 | return; | ||
510 | } | ||
511 | cleanup_task = GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); | ||
512 | } | ||
513 | |||
514 | |||
515 | static void | ||
516 | iter_cb (void *cls, | ||
517 | const struct GNUNET_CRYPTO_PublicKey *identity, | ||
518 | const struct GNUNET_RECLAIM_Attribute *attr) | ||
519 | { | ||
520 | struct GNUNET_RECLAIM_AttributeListEntry *le; | ||
521 | char *attrs_tmp; | ||
522 | char *attr_str; | ||
523 | char *label; | ||
524 | char *id; | ||
525 | const char *attr_type; | ||
526 | |||
527 | if ((NULL != attr_name) && (NULL == claim)) | ||
528 | { | ||
529 | if (0 == strcasecmp (attr_name, attr->name)) | ||
530 | { | ||
531 | claim = GNUNET_RECLAIM_attribute_new (attr->name, | ||
532 | &attr->credential, | ||
533 | attr->type, | ||
534 | attr->data, | ||
535 | attr->data_size); | ||
536 | claim->id = attr->id; | ||
537 | } | ||
538 | } | ||
539 | else if (issue_attrs) | ||
540 | { | ||
541 | attrs_tmp = GNUNET_strdup (issue_attrs); | ||
542 | attr_str = strtok (attrs_tmp, ","); | ||
543 | while (NULL != attr_str) | ||
544 | { | ||
545 | if (0 != strcasecmp (attr_str, attr->name)) | ||
546 | { | ||
547 | attr_str = strtok (NULL, ","); | ||
548 | continue; | ||
549 | } | ||
550 | le = GNUNET_new (struct GNUNET_RECLAIM_AttributeListEntry); | ||
551 | le->attribute = GNUNET_RECLAIM_attribute_new (attr->name, | ||
552 | &attr->credential, | ||
553 | attr->type, | ||
554 | attr->data, | ||
555 | attr->data_size); | ||
556 | le->attribute->flag = attr->flag; | ||
557 | le->attribute->id = attr->id; | ||
558 | GNUNET_CONTAINER_DLL_insert (attr_list->list_head, | ||
559 | attr_list->list_tail, | ||
560 | le); | ||
561 | break; | ||
562 | } | ||
563 | GNUNET_free (attrs_tmp); | ||
564 | } | ||
565 | else if (attr_delete && (NULL == attr_to_delete)) | ||
566 | { | ||
567 | label = GNUNET_STRINGS_data_to_string_alloc (&attr->id, sizeof(attr->id)); | ||
568 | if (0 == strcasecmp (attr_delete, label)) | ||
569 | { | ||
570 | attr_to_delete = GNUNET_RECLAIM_attribute_new (attr->name, | ||
571 | &attr->credential, | ||
572 | attr->type, | ||
573 | attr->data, | ||
574 | attr->data_size); | ||
575 | attr_to_delete->id = attr->id; | ||
576 | } | ||
577 | GNUNET_free (label); | ||
578 | } | ||
579 | else if (list) | ||
580 | { | ||
581 | attr_str = GNUNET_RECLAIM_attribute_value_to_string (attr->type, | ||
582 | attr->data, | ||
583 | attr->data_size); | ||
584 | attr_type = GNUNET_RECLAIM_attribute_number_to_typename (attr->type); | ||
585 | id = GNUNET_STRINGS_data_to_string_alloc (&attr->id, sizeof(attr->id)); | ||
586 | if (GNUNET_YES == GNUNET_RECLAIM_id_is_zero (&attr->credential)) | ||
587 | { | ||
588 | fprintf (stdout, | ||
589 | "%s: ``%s'' (%s); ID: %s\n", | ||
590 | attr->name, | ||
591 | attr_str, | ||
592 | attr_type, | ||
593 | id); | ||
594 | } | ||
595 | else | ||
596 | { | ||
597 | char *cred_id = | ||
598 | GNUNET_STRINGS_data_to_string_alloc (&attr->credential, | ||
599 | sizeof(attr->credential)); | ||
600 | fprintf (stdout, | ||
601 | "%s: ``%s'' in credential presentation `%s' (%s); ID: %s\n", | ||
602 | attr->name, | ||
603 | attr_str, | ||
604 | cred_id, | ||
605 | attr_type, | ||
606 | id); | ||
607 | GNUNET_free (cred_id); | ||
608 | |||
609 | } | ||
610 | GNUNET_free (id); | ||
611 | } | ||
612 | GNUNET_RECLAIM_get_attributes_next (attr_iterator); | ||
613 | } | ||
614 | |||
615 | |||
616 | static void | ||
617 | cred_iter_finished (void *cls) | ||
618 | { | ||
619 | cred_iterator = NULL; | ||
620 | |||
621 | // Add new credential | ||
622 | if ((NULL != credential_name) && | ||
623 | (NULL != attr_value)) | ||
624 | { | ||
625 | enum GNUNET_RECLAIM_CredentialType ctype = | ||
626 | GNUNET_RECLAIM_credential_typename_to_number (credential_type); | ||
627 | struct GNUNET_RECLAIM_Credential *credential = | ||
628 | GNUNET_RECLAIM_credential_new (credential_name, | ||
629 | ctype, | ||
630 | attr_value, | ||
631 | strlen (attr_value)); | ||
632 | reclaim_op = GNUNET_RECLAIM_credential_store (reclaim_handle, | ||
633 | pkey, | ||
634 | credential, | ||
635 | &exp_interval, | ||
636 | store_cont, | ||
637 | NULL); | ||
638 | return; | ||
639 | |||
640 | } | ||
641 | if (list_credentials) | ||
642 | { | ||
643 | cleanup_task = GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); | ||
644 | return; | ||
645 | } | ||
646 | attr_iterator = GNUNET_RECLAIM_get_attributes_start (reclaim_handle, | ||
647 | pkey, | ||
648 | &iter_error, | ||
649 | NULL, | ||
650 | &iter_cb, | ||
651 | NULL, | ||
652 | &iter_finished, | ||
653 | NULL); | ||
654 | |||
655 | } | ||
656 | |||
657 | |||
658 | static void | ||
659 | cred_iter_cb (void *cls, | ||
660 | const struct GNUNET_CRYPTO_PublicKey *identity, | ||
661 | const struct GNUNET_RECLAIM_Credential *cred) | ||
662 | { | ||
663 | char *cred_str; | ||
664 | char *attr_str; | ||
665 | char *id; | ||
666 | const char *cred_type; | ||
667 | struct GNUNET_RECLAIM_AttributeListEntry *ale; | ||
668 | |||
669 | if (GNUNET_YES == GNUNET_RECLAIM_id_is_equal (&credential, | ||
670 | &cred->id)) | ||
671 | credential_exists = GNUNET_YES; | ||
672 | if (list_credentials) | ||
673 | { | ||
674 | cred_str = GNUNET_RECLAIM_credential_value_to_string (cred->type, | ||
675 | cred->data, | ||
676 | cred->data_size); | ||
677 | cred_type = GNUNET_RECLAIM_credential_number_to_typename (cred->type); | ||
678 | id = GNUNET_STRINGS_data_to_string_alloc (&cred->id, sizeof(cred->id)); | ||
679 | fprintf (stdout, | ||
680 | "%s: ``%s'' (%s); ID: %s\n", | ||
681 | cred->name, | ||
682 | cred_str, | ||
683 | cred_type, | ||
684 | id); | ||
685 | struct GNUNET_RECLAIM_AttributeList *attrs = | ||
686 | GNUNET_RECLAIM_credential_get_attributes (cred); | ||
687 | if (NULL != attrs) | ||
688 | { | ||
689 | fprintf (stdout, | ||
690 | "\t Attributes:\n"); | ||
691 | for (ale = attrs->list_head; NULL != ale; ale = ale->next) | ||
692 | { | ||
693 | attr_str = GNUNET_RECLAIM_attribute_value_to_string ( | ||
694 | ale->attribute->type, | ||
695 | ale->attribute->data, | ||
696 | ale->attribute->data_size); | ||
697 | fprintf (stdout, | ||
698 | "\t %s: %s\n", ale->attribute->name, attr_str); | ||
699 | GNUNET_free (attr_str); | ||
700 | } | ||
701 | GNUNET_RECLAIM_attribute_list_destroy (attrs); | ||
702 | } | ||
703 | GNUNET_free (id); | ||
704 | } | ||
705 | GNUNET_RECLAIM_get_credentials_next (cred_iterator); | ||
706 | } | ||
707 | |||
708 | |||
709 | static void | ||
710 | start_process () | ||
711 | { | ||
712 | if (NULL == pkey) | ||
713 | { | ||
714 | fprintf (stderr, "Ego %s not found\n", ego_name); | ||
715 | cleanup_task = GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); | ||
716 | return; | ||
717 | } | ||
718 | if (NULL == credential_type) | ||
719 | credential_type = GNUNET_strdup ("JWT"); | ||
720 | credential = GNUNET_RECLAIM_ID_ZERO; | ||
721 | if (NULL != credential_id) | ||
722 | GNUNET_STRINGS_string_to_data (credential_id, | ||
723 | strlen (credential_id), | ||
724 | &credential, sizeof(credential)); | ||
725 | credential_exists = GNUNET_NO; | ||
726 | if (list_tickets) | ||
727 | { | ||
728 | ticket_iterator = GNUNET_RECLAIM_ticket_iteration_start (reclaim_handle, | ||
729 | pkey, | ||
730 | &ticket_iter_err, | ||
731 | NULL, | ||
732 | &ticket_iter, | ||
733 | NULL, | ||
734 | &ticket_iter_fin, | ||
735 | NULL); | ||
736 | return; | ||
737 | } | ||
738 | |||
739 | if ((NULL != rp) && | ||
740 | (GNUNET_OK != | ||
741 | GNUNET_CRYPTO_public_key_from_string (rp, &rp_key)) ) | ||
742 | { | ||
743 | fprintf (stderr, "%s is not a public key!\n", rp); | ||
744 | cleanup_task = GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); | ||
745 | return; | ||
746 | } | ||
747 | if (NULL != consume_ticket) | ||
748 | GNUNET_STRINGS_string_to_data (consume_ticket, | ||
749 | strlen (consume_ticket), | ||
750 | &ticket, | ||
751 | sizeof(struct GNUNET_RECLAIM_Ticket)); | ||
752 | if (NULL != revoke_ticket) | ||
753 | GNUNET_STRINGS_string_to_data (revoke_ticket, | ||
754 | strlen (revoke_ticket), | ||
755 | &ticket, | ||
756 | sizeof(struct GNUNET_RECLAIM_Ticket)); | ||
757 | |||
758 | attr_list = GNUNET_new (struct GNUNET_RECLAIM_AttributeList); | ||
759 | claim = NULL; | ||
760 | cred_iterator = GNUNET_RECLAIM_get_credentials_start (reclaim_handle, | ||
761 | pkey, | ||
762 | &iter_error, | ||
763 | NULL, | ||
764 | &cred_iter_cb, | ||
765 | NULL, | ||
766 | &cred_iter_finished, | ||
767 | NULL); | ||
768 | |||
769 | } | ||
770 | |||
771 | |||
772 | static int init = GNUNET_YES; | ||
773 | |||
774 | static void | ||
775 | ego_cb (void *cls, | ||
776 | struct GNUNET_IDENTITY_Ego *ego, | ||
777 | void **ctx, | ||
778 | const char *name) | ||
779 | { | ||
780 | if (NULL == name) | ||
781 | { | ||
782 | if (GNUNET_YES == init) | ||
783 | { | ||
784 | init = GNUNET_NO; | ||
785 | start_process (); | ||
786 | } | ||
787 | return; | ||
788 | } | ||
789 | if (0 != strcmp (name, ego_name)) | ||
790 | return; | ||
791 | pkey = GNUNET_IDENTITY_ego_get_private_key (ego); | ||
792 | } | ||
793 | |||
794 | |||
795 | static void | ||
796 | run (void *cls, | ||
797 | char *const *args, | ||
798 | const char *cfgfile, | ||
799 | const struct GNUNET_CONFIGURATION_Handle *c) | ||
800 | { | ||
801 | ret = 0; | ||
802 | if (NULL == ego_name) | ||
803 | { | ||
804 | ret = 1; | ||
805 | fprintf (stderr, _ ("Ego is required\n")); | ||
806 | return; | ||
807 | } | ||
808 | |||
809 | if ((NULL == attr_value) && (NULL != attr_name)) | ||
810 | { | ||
811 | ret = 1; | ||
812 | fprintf (stderr, _ ("Attribute value missing!\n")); | ||
813 | return; | ||
814 | } | ||
815 | |||
816 | if ((NULL == rp) && (NULL != issue_attrs)) | ||
817 | { | ||
818 | ret = 1; | ||
819 | fprintf (stderr, _ ("Requesting party key is required!\n")); | ||
820 | return; | ||
821 | } | ||
822 | |||
823 | reclaim_handle = GNUNET_RECLAIM_connect (c); | ||
824 | // Get Ego | ||
825 | identity_handle = GNUNET_IDENTITY_connect (c, &ego_cb, NULL); | ||
826 | } | ||
827 | |||
828 | |||
829 | int | ||
830 | main (int argc, char *const argv[]) | ||
831 | { | ||
832 | exp_interval = GNUNET_TIME_UNIT_HOURS; | ||
833 | struct GNUNET_GETOPT_CommandLineOption options[] = { | ||
834 | GNUNET_GETOPT_option_string ('a', | ||
835 | "add", | ||
836 | "NAME", | ||
837 | gettext_noop ("Add or update an attribute NAME"), | ||
838 | &attr_name), | ||
839 | GNUNET_GETOPT_option_string ('d', | ||
840 | "delete", | ||
841 | "ID", | ||
842 | gettext_noop ("Delete the attribute with ID"), | ||
843 | &attr_delete), | ||
844 | GNUNET_GETOPT_option_string ('V', | ||
845 | "value", | ||
846 | "VALUE", | ||
847 | gettext_noop ("The attribute VALUE"), | ||
848 | &attr_value), | ||
849 | GNUNET_GETOPT_option_string ('e', | ||
850 | "ego", | ||
851 | "EGO", | ||
852 | gettext_noop ("The EGO to use"), | ||
853 | &ego_name), | ||
854 | GNUNET_GETOPT_option_string ('r', | ||
855 | "rp", | ||
856 | "RP", | ||
857 | gettext_noop ( | ||
858 | "Specify the relying party for issue"), | ||
859 | &rp), | ||
860 | GNUNET_GETOPT_option_flag ('D', | ||
861 | "dump", | ||
862 | gettext_noop ("List attributes for EGO"), | ||
863 | &list), | ||
864 | GNUNET_GETOPT_option_flag ('A', | ||
865 | "credentials", | ||
866 | gettext_noop ("List credentials for EGO"), | ||
867 | &list_credentials), | ||
868 | GNUNET_GETOPT_option_string ('I', | ||
869 | "credential-id", | ||
870 | "CREDENTIAL_ID", | ||
871 | gettext_noop ( | ||
872 | "Credential to use for attribute"), | ||
873 | &credential_id), | ||
874 | GNUNET_GETOPT_option_string ('N', | ||
875 | "credential-name", | ||
876 | "NAME", | ||
877 | gettext_noop ("Credential name"), | ||
878 | &credential_name), | ||
879 | GNUNET_GETOPT_option_string ('i', | ||
880 | "issue", | ||
881 | "A1,A2,...", | ||
882 | gettext_noop ( | ||
883 | "Issue a ticket for a set of attributes separated by comma"), | ||
884 | &issue_attrs), | ||
885 | GNUNET_GETOPT_option_string ('C', | ||
886 | "consume", | ||
887 | "TICKET", | ||
888 | gettext_noop ("Consume a ticket"), | ||
889 | &consume_ticket), | ||
890 | GNUNET_GETOPT_option_string ('R', | ||
891 | "revoke", | ||
892 | "TICKET", | ||
893 | gettext_noop ("Revoke a ticket"), | ||
894 | &revoke_ticket), | ||
895 | GNUNET_GETOPT_option_string ('t', | ||
896 | "type", | ||
897 | "TYPE", | ||
898 | gettext_noop ("Type of attribute"), | ||
899 | &type_str), | ||
900 | GNUNET_GETOPT_option_string ('u', | ||
901 | "credential-type", | ||
902 | "TYPE", | ||
903 | gettext_noop ("Type of credential"), | ||
904 | &credential_type), | ||
905 | GNUNET_GETOPT_option_flag ('T', | ||
906 | "tickets", | ||
907 | gettext_noop ("List tickets of ego"), | ||
908 | &list_tickets), | ||
909 | GNUNET_GETOPT_option_relative_time ('E', | ||
910 | "expiration", | ||
911 | "INTERVAL", | ||
912 | gettext_noop ( | ||
913 | "Expiration interval of the attribute"), | ||
914 | &exp_interval), | ||
915 | |||
916 | GNUNET_GETOPT_OPTION_END | ||
917 | }; | ||
918 | if (GNUNET_OK != GNUNET_PROGRAM_run (argc, | ||
919 | argv, | ||
920 | "gnunet-reclaim", | ||
921 | _ ("re:claimID command line tool"), | ||
922 | options, | ||
923 | &run, | ||
924 | NULL)) | ||
925 | return 1; | ||
926 | else | ||
927 | return ret; | ||
928 | } | ||
diff --git a/src/reclaim/gnunet-service-reclaim.c b/src/reclaim/gnunet-service-reclaim.c deleted file mode 100644 index 47a86a3e8..000000000 --- a/src/reclaim/gnunet-service-reclaim.c +++ /dev/null | |||
@@ -1,2814 +0,0 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet. | ||
3 | Copyright (C) 2012-2015 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software: you can redistribute it and/or modify it | ||
6 | under the terms of the GNU Affero General Public License as published | ||
7 | by the Free Software Foundation, either version 3 of the License, | ||
8 | or (at your option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | Affero General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU Affero General Public License | ||
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
17 | |||
18 | SPDX-License-Identifier: AGPL3.0-or-later | ||
19 | */ | ||
20 | /** | ||
21 | * @author Martin Schanzenbach | ||
22 | * @file src/reclaim/gnunet-service-reclaim.c | ||
23 | * @brief reclaim Service | ||
24 | * | ||
25 | */ | ||
26 | #include "platform.h" | ||
27 | #include "gnunet_util_lib.h" | ||
28 | #include "gnunet-service-reclaim_tickets.h" | ||
29 | #include "gnunet_constants.h" | ||
30 | #include "gnunet_gnsrecord_lib.h" | ||
31 | #include "gnunet_protocols.h" | ||
32 | #include "gnunet_reclaim_lib.h" | ||
33 | #include "gnunet_reclaim_service.h" | ||
34 | #include "gnunet_signatures.h" | ||
35 | #include "reclaim.h" | ||
36 | |||
37 | |||
38 | /** | ||
39 | * Namestore handle | ||
40 | */ | ||
41 | static struct GNUNET_NAMESTORE_Handle *nsh; | ||
42 | |||
43 | /** | ||
44 | * Timeout task | ||
45 | */ | ||
46 | static struct GNUNET_SCHEDULER_Task *timeout_task; | ||
47 | |||
48 | /** | ||
49 | * Our configuration. | ||
50 | */ | ||
51 | static const struct GNUNET_CONFIGURATION_Handle *cfg; | ||
52 | |||
53 | /** | ||
54 | * An idp client | ||
55 | */ | ||
56 | struct IdpClient; | ||
57 | |||
58 | /** | ||
59 | * A ticket iteration operation. | ||
60 | */ | ||
61 | struct TicketIteration | ||
62 | { | ||
63 | /** | ||
64 | * DLL | ||
65 | */ | ||
66 | struct TicketIteration *next; | ||
67 | |||
68 | /** | ||
69 | * DLL | ||
70 | */ | ||
71 | struct TicketIteration *prev; | ||
72 | |||
73 | /** | ||
74 | * Client which intiated this zone iteration | ||
75 | */ | ||
76 | struct IdpClient *client; | ||
77 | |||
78 | /** | ||
79 | * The operation id for the iteration in the response for the client | ||
80 | */ | ||
81 | uint32_t r_id; | ||
82 | |||
83 | /** | ||
84 | * The ticket iterator | ||
85 | */ | ||
86 | struct RECLAIM_TICKETS_Iterator *iter; | ||
87 | }; | ||
88 | |||
89 | |||
90 | /** | ||
91 | * An attribute iteration operation. | ||
92 | */ | ||
93 | struct Iterator | ||
94 | { | ||
95 | /** | ||
96 | * Next element in the DLL | ||
97 | */ | ||
98 | struct Iterator *next; | ||
99 | |||
100 | /** | ||
101 | * Previous element in the DLL | ||
102 | */ | ||
103 | struct Iterator *prev; | ||
104 | |||
105 | /** | ||
106 | * IDP client which intiated this zone iteration | ||
107 | */ | ||
108 | struct IdpClient *client; | ||
109 | |||
110 | /** | ||
111 | * Key of the zone we are iterating over. | ||
112 | */ | ||
113 | struct GNUNET_CRYPTO_PrivateKey identity; | ||
114 | |||
115 | /** | ||
116 | * Namestore iterator | ||
117 | */ | ||
118 | struct GNUNET_NAMESTORE_ZoneIterator *ns_it; | ||
119 | |||
120 | /** | ||
121 | * The operation id for the zone iteration in the response for the client | ||
122 | */ | ||
123 | uint32_t request_id; | ||
124 | |||
125 | /** | ||
126 | * Context | ||
127 | */ | ||
128 | void *ctx; | ||
129 | }; | ||
130 | |||
131 | |||
132 | /** | ||
133 | * An idp client | ||
134 | */ | ||
135 | struct IdpClient | ||
136 | { | ||
137 | /** | ||
138 | * DLL | ||
139 | */ | ||
140 | struct IdpClient *prev; | ||
141 | |||
142 | /** | ||
143 | * DLL | ||
144 | */ | ||
145 | struct IdpClient *next; | ||
146 | |||
147 | /** | ||
148 | * The client | ||
149 | */ | ||
150 | struct GNUNET_SERVICE_Client *client; | ||
151 | |||
152 | /** | ||
153 | * Message queue for transmission to @e client | ||
154 | */ | ||
155 | struct GNUNET_MQ_Handle *mq; | ||
156 | |||
157 | /** | ||
158 | * Head of the DLL of | ||
159 | * Attribute iteration operations in | ||
160 | * progress initiated by this client | ||
161 | */ | ||
162 | struct Iterator *attr_iter_head; | ||
163 | |||
164 | /** | ||
165 | * Tail of the DLL of | ||
166 | * Attribute iteration operations | ||
167 | * in progress initiated by this client | ||
168 | */ | ||
169 | struct Iterator *attr_iter_tail; | ||
170 | |||
171 | /** | ||
172 | * Head of the DLL of | ||
173 | * Credential iteration operations in | ||
174 | * progress initiated by this client | ||
175 | */ | ||
176 | struct Iterator *cred_iter_head; | ||
177 | |||
178 | /** | ||
179 | * Tail of the DLL of | ||
180 | * Credential iteration operations | ||
181 | * in progress initiated by this client | ||
182 | */ | ||
183 | struct Iterator *cred_iter_tail; | ||
184 | |||
185 | /** | ||
186 | * Head of DLL of ticket iteration ops | ||
187 | */ | ||
188 | struct TicketIteration *ticket_iter_head; | ||
189 | |||
190 | /** | ||
191 | * Tail of DLL of ticket iteration ops | ||
192 | */ | ||
193 | struct TicketIteration *ticket_iter_tail; | ||
194 | |||
195 | /** | ||
196 | * Head of DLL of ticket revocation ops | ||
197 | */ | ||
198 | struct TicketRevocationOperation *revoke_op_head; | ||
199 | |||
200 | /** | ||
201 | * Tail of DLL of ticket revocation ops | ||
202 | */ | ||
203 | struct TicketRevocationOperation *revoke_op_tail; | ||
204 | |||
205 | /** | ||
206 | * Head of DLL of ticket issue ops | ||
207 | */ | ||
208 | struct TicketIssueOperation *issue_op_head; | ||
209 | |||
210 | /** | ||
211 | * Tail of DLL of ticket issue ops | ||
212 | */ | ||
213 | struct TicketIssueOperation *issue_op_tail; | ||
214 | |||
215 | /** | ||
216 | * Head of DLL of ticket consume ops | ||
217 | */ | ||
218 | struct ConsumeTicketOperation *consume_op_head; | ||
219 | |||
220 | /** | ||
221 | * Tail of DLL of ticket consume ops | ||
222 | */ | ||
223 | struct ConsumeTicketOperation *consume_op_tail; | ||
224 | |||
225 | /** | ||
226 | * Head of DLL of attribute store ops | ||
227 | */ | ||
228 | struct AttributeStoreHandle *store_op_head; | ||
229 | |||
230 | /** | ||
231 | * Tail of DLL of attribute store ops | ||
232 | */ | ||
233 | struct AttributeStoreHandle *store_op_tail; | ||
234 | /** | ||
235 | * Head of DLL of attribute delete ops | ||
236 | */ | ||
237 | struct AttributeDeleteHandle *delete_op_head; | ||
238 | |||
239 | /** | ||
240 | * Tail of DLL of attribute delete ops | ||
241 | */ | ||
242 | struct AttributeDeleteHandle *delete_op_tail; | ||
243 | }; | ||
244 | |||
245 | |||
246 | /** | ||
247 | * Handle for attribute deletion request | ||
248 | */ | ||
249 | struct AttributeDeleteHandle | ||
250 | { | ||
251 | /** | ||
252 | * DLL | ||
253 | */ | ||
254 | struct AttributeDeleteHandle *next; | ||
255 | |||
256 | /** | ||
257 | * DLL | ||
258 | */ | ||
259 | struct AttributeDeleteHandle *prev; | ||
260 | |||
261 | /** | ||
262 | * Client connection | ||
263 | */ | ||
264 | struct IdpClient *client; | ||
265 | |||
266 | /** | ||
267 | * Identity | ||
268 | */ | ||
269 | struct GNUNET_CRYPTO_PrivateKey identity; | ||
270 | |||
271 | |||
272 | /** | ||
273 | * QueueEntry | ||
274 | */ | ||
275 | struct GNUNET_NAMESTORE_QueueEntry *ns_qe; | ||
276 | |||
277 | /** | ||
278 | * Iterator | ||
279 | */ | ||
280 | struct GNUNET_NAMESTORE_ZoneIterator *ns_it; | ||
281 | |||
282 | /** | ||
283 | * The attribute to delete | ||
284 | */ | ||
285 | struct GNUNET_RECLAIM_Attribute *claim; | ||
286 | |||
287 | /** | ||
288 | * The credential to delete | ||
289 | */ | ||
290 | struct GNUNET_RECLAIM_Credential *credential; | ||
291 | |||
292 | /** | ||
293 | * Tickets to update | ||
294 | */ | ||
295 | struct TicketRecordsEntry *tickets_to_update_head; | ||
296 | |||
297 | /** | ||
298 | * Tickets to update | ||
299 | */ | ||
300 | struct TicketRecordsEntry *tickets_to_update_tail; | ||
301 | |||
302 | /** | ||
303 | * Existing attributes | ||
304 | */ | ||
305 | struct GNUNET_RECLAIM_AttributeList *existing_attributes; | ||
306 | |||
307 | /** | ||
308 | * Existing credentials | ||
309 | */ | ||
310 | struct GNUNET_RECLAIM_CredentialList *existing_credentials; | ||
311 | |||
312 | /** | ||
313 | * Attribute label | ||
314 | */ | ||
315 | char *label; | ||
316 | |||
317 | /** | ||
318 | * request id | ||
319 | */ | ||
320 | uint32_t r_id; | ||
321 | }; | ||
322 | |||
323 | |||
324 | /** | ||
325 | * Handle for attribute store request | ||
326 | */ | ||
327 | struct AttributeStoreHandle | ||
328 | { | ||
329 | /** | ||
330 | * DLL | ||
331 | */ | ||
332 | struct AttributeStoreHandle *next; | ||
333 | |||
334 | /** | ||
335 | * DLL | ||
336 | */ | ||
337 | struct AttributeStoreHandle *prev; | ||
338 | |||
339 | /** | ||
340 | * Client connection | ||
341 | */ | ||
342 | struct IdpClient *client; | ||
343 | |||
344 | /** | ||
345 | * Identity | ||
346 | */ | ||
347 | struct GNUNET_CRYPTO_PrivateKey identity; | ||
348 | |||
349 | /** | ||
350 | * Identity pubkey | ||
351 | */ | ||
352 | struct GNUNET_CRYPTO_PublicKey identity_pkey; | ||
353 | |||
354 | /** | ||
355 | * QueueEntry | ||
356 | */ | ||
357 | struct GNUNET_NAMESTORE_QueueEntry *ns_qe; | ||
358 | |||
359 | /** | ||
360 | * The attribute to store | ||
361 | */ | ||
362 | struct GNUNET_RECLAIM_Attribute *claim; | ||
363 | |||
364 | /** | ||
365 | * The credential to store | ||
366 | */ | ||
367 | struct GNUNET_RECLAIM_Credential *credential; | ||
368 | |||
369 | /** | ||
370 | * The attribute expiration interval | ||
371 | */ | ||
372 | struct GNUNET_TIME_Relative exp; | ||
373 | |||
374 | /** | ||
375 | * request id | ||
376 | */ | ||
377 | uint32_t r_id; | ||
378 | }; | ||
379 | |||
380 | |||
381 | /** | ||
382 | * Handle for ticket consume request | ||
383 | */ | ||
384 | struct ConsumeTicketOperation | ||
385 | { | ||
386 | /** | ||
387 | * DLL | ||
388 | */ | ||
389 | struct ConsumeTicketOperation *next; | ||
390 | |||
391 | /** | ||
392 | * DLL | ||
393 | */ | ||
394 | struct ConsumeTicketOperation *prev; | ||
395 | |||
396 | /** | ||
397 | * Client connection | ||
398 | */ | ||
399 | struct IdpClient *client; | ||
400 | |||
401 | /** | ||
402 | * request id | ||
403 | */ | ||
404 | uint32_t r_id; | ||
405 | |||
406 | /** | ||
407 | * Ticket consume handle | ||
408 | */ | ||
409 | struct RECLAIM_TICKETS_ConsumeHandle *ch; | ||
410 | }; | ||
411 | |||
412 | |||
413 | /** | ||
414 | * Ticket revocation request handle | ||
415 | */ | ||
416 | struct TicketRevocationOperation | ||
417 | { | ||
418 | /** | ||
419 | * DLL | ||
420 | */ | ||
421 | struct TicketRevocationOperation *prev; | ||
422 | |||
423 | /** | ||
424 | * DLL | ||
425 | */ | ||
426 | struct TicketRevocationOperation *next; | ||
427 | |||
428 | /** | ||
429 | * Client connection | ||
430 | */ | ||
431 | struct IdpClient *client; | ||
432 | |||
433 | /** | ||
434 | * Revocation handle | ||
435 | */ | ||
436 | struct RECLAIM_TICKETS_RevokeHandle *rh; | ||
437 | |||
438 | /** | ||
439 | * request id | ||
440 | */ | ||
441 | uint32_t r_id; | ||
442 | }; | ||
443 | |||
444 | |||
445 | /** | ||
446 | * Ticket issue operation handle | ||
447 | */ | ||
448 | struct TicketIssueOperation | ||
449 | { | ||
450 | /** | ||
451 | * DLL | ||
452 | */ | ||
453 | struct TicketIssueOperation *prev; | ||
454 | |||
455 | /** | ||
456 | * DLL | ||
457 | */ | ||
458 | struct TicketIssueOperation *next; | ||
459 | |||
460 | /** | ||
461 | * Client connection | ||
462 | */ | ||
463 | struct IdpClient *client; | ||
464 | |||
465 | /** | ||
466 | * request id | ||
467 | */ | ||
468 | uint32_t r_id; | ||
469 | }; | ||
470 | |||
471 | |||
472 | /** | ||
473 | * Client list | ||
474 | */ | ||
475 | static struct IdpClient *client_list_head = NULL; | ||
476 | |||
477 | /** | ||
478 | * Client list | ||
479 | */ | ||
480 | static struct IdpClient *client_list_tail = NULL; | ||
481 | |||
482 | |||
483 | /** | ||
484 | * Cleanup attribute delete handle | ||
485 | * | ||
486 | * @param adh the attribute to cleanup | ||
487 | */ | ||
488 | static void | ||
489 | cleanup_adh (struct AttributeDeleteHandle *adh) | ||
490 | { | ||
491 | struct TicketRecordsEntry *le; | ||
492 | |||
493 | if (NULL != adh->ns_it) | ||
494 | GNUNET_NAMESTORE_zone_iteration_stop (adh->ns_it); | ||
495 | if (NULL != adh->ns_qe) | ||
496 | GNUNET_NAMESTORE_cancel (adh->ns_qe); | ||
497 | if (NULL != adh->label) | ||
498 | GNUNET_free (adh->label); | ||
499 | if (NULL != adh->claim) | ||
500 | GNUNET_free (adh->claim); | ||
501 | if (NULL != adh->credential) | ||
502 | GNUNET_free (adh->credential); | ||
503 | if (NULL != adh->existing_credentials) | ||
504 | GNUNET_RECLAIM_credential_list_destroy (adh->existing_credentials); | ||
505 | if (NULL != adh->existing_attributes) | ||
506 | GNUNET_RECLAIM_attribute_list_destroy (adh->existing_attributes); | ||
507 | while (NULL != (le = adh->tickets_to_update_head)) | ||
508 | { | ||
509 | GNUNET_CONTAINER_DLL_remove (adh->tickets_to_update_head, | ||
510 | adh->tickets_to_update_tail, | ||
511 | le); | ||
512 | if (NULL != le->label) | ||
513 | GNUNET_free (le->label); | ||
514 | if (NULL != le->data) | ||
515 | GNUNET_free (le->data); | ||
516 | GNUNET_free (le); | ||
517 | } | ||
518 | GNUNET_free (adh); | ||
519 | } | ||
520 | |||
521 | |||
522 | /** | ||
523 | * Cleanup attribute store handle | ||
524 | * | ||
525 | * @param ash handle to clean up | ||
526 | */ | ||
527 | static void | ||
528 | cleanup_as_handle (struct AttributeStoreHandle *ash) | ||
529 | { | ||
530 | if (NULL != ash->ns_qe) | ||
531 | GNUNET_NAMESTORE_cancel (ash->ns_qe); | ||
532 | if (NULL != ash->claim) | ||
533 | GNUNET_free (ash->claim); | ||
534 | if (NULL != ash->credential) | ||
535 | GNUNET_free (ash->credential); | ||
536 | GNUNET_free (ash); | ||
537 | } | ||
538 | |||
539 | |||
540 | /** | ||
541 | * Cleanup client | ||
542 | * | ||
543 | * @param idp the client to clean up | ||
544 | */ | ||
545 | static void | ||
546 | cleanup_client (struct IdpClient *idp) | ||
547 | { | ||
548 | struct Iterator *ai; | ||
549 | struct TicketIteration *ti; | ||
550 | struct TicketRevocationOperation *rop; | ||
551 | struct TicketIssueOperation *iss; | ||
552 | struct ConsumeTicketOperation *ct; | ||
553 | struct AttributeStoreHandle *as; | ||
554 | struct AttributeDeleteHandle *adh; | ||
555 | |||
556 | while (NULL != (iss = idp->issue_op_head)) | ||
557 | { | ||
558 | GNUNET_CONTAINER_DLL_remove (idp->issue_op_head, idp->issue_op_tail, iss); | ||
559 | GNUNET_free (iss); | ||
560 | } | ||
561 | while (NULL != (ct = idp->consume_op_head)) | ||
562 | { | ||
563 | GNUNET_CONTAINER_DLL_remove (idp->consume_op_head, | ||
564 | idp->consume_op_tail, | ||
565 | ct); | ||
566 | if (NULL != ct->ch) | ||
567 | RECLAIM_TICKETS_consume_cancel (ct->ch); | ||
568 | GNUNET_free (ct); | ||
569 | } | ||
570 | while (NULL != (as = idp->store_op_head)) | ||
571 | { | ||
572 | GNUNET_CONTAINER_DLL_remove (idp->store_op_head, idp->store_op_tail, as); | ||
573 | cleanup_as_handle (as); | ||
574 | } | ||
575 | while (NULL != (adh = idp->delete_op_head)) | ||
576 | { | ||
577 | GNUNET_CONTAINER_DLL_remove (idp->delete_op_head, idp->delete_op_tail, adh); | ||
578 | cleanup_adh (adh); | ||
579 | } | ||
580 | |||
581 | while (NULL != (ai = idp->attr_iter_head)) | ||
582 | { | ||
583 | GNUNET_CONTAINER_DLL_remove (idp->attr_iter_head, idp->attr_iter_tail, ai); | ||
584 | GNUNET_free (ai); | ||
585 | } | ||
586 | while (NULL != (ai = idp->cred_iter_head)) | ||
587 | { | ||
588 | GNUNET_CONTAINER_DLL_remove (idp->cred_iter_head, idp->cred_iter_tail, | ||
589 | ai); | ||
590 | GNUNET_free (ai); | ||
591 | } | ||
592 | |||
593 | while (NULL != (rop = idp->revoke_op_head)) | ||
594 | { | ||
595 | GNUNET_CONTAINER_DLL_remove (idp->revoke_op_head, idp->revoke_op_tail, rop); | ||
596 | if (NULL != rop->rh) | ||
597 | RECLAIM_TICKETS_revoke_cancel (rop->rh); | ||
598 | GNUNET_free (rop); | ||
599 | } | ||
600 | while (NULL != (ti = idp->ticket_iter_head)) | ||
601 | { | ||
602 | GNUNET_CONTAINER_DLL_remove (idp->ticket_iter_head, | ||
603 | idp->ticket_iter_tail, | ||
604 | ti); | ||
605 | if (NULL != ti->iter) | ||
606 | RECLAIM_TICKETS_iteration_stop (ti->iter); | ||
607 | GNUNET_free (ti); | ||
608 | } | ||
609 | GNUNET_free (idp); | ||
610 | } | ||
611 | |||
612 | |||
613 | /** | ||
614 | * Cleanup task | ||
615 | */ | ||
616 | static void | ||
617 | cleanup () | ||
618 | { | ||
619 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Cleaning up\n"); | ||
620 | |||
621 | RECLAIM_TICKETS_deinit (); | ||
622 | if (NULL != timeout_task) | ||
623 | GNUNET_SCHEDULER_cancel (timeout_task); | ||
624 | if (NULL != nsh) | ||
625 | GNUNET_NAMESTORE_disconnect (nsh); | ||
626 | } | ||
627 | |||
628 | |||
629 | /** | ||
630 | * Shutdown task | ||
631 | * | ||
632 | * @param cls NULL | ||
633 | */ | ||
634 | static void | ||
635 | do_shutdown (void *cls) | ||
636 | { | ||
637 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Shutting down...\n"); | ||
638 | cleanup (); | ||
639 | } | ||
640 | |||
641 | |||
642 | /** | ||
643 | * Sends a ticket result message to the client | ||
644 | * | ||
645 | * @param client the client to send to | ||
646 | * @param r_id the request message ID to reply to | ||
647 | * @param ticket the ticket to include (may be NULL) | ||
648 | * @param success the success status of the request | ||
649 | */ | ||
650 | static void | ||
651 | send_ticket_result (const struct IdpClient *client, | ||
652 | uint32_t r_id, | ||
653 | const struct GNUNET_RECLAIM_Ticket *ticket, | ||
654 | const struct GNUNET_RECLAIM_PresentationList *presentations, | ||
655 | uint32_t success) | ||
656 | { | ||
657 | struct TicketResultMessage *irm; | ||
658 | struct GNUNET_MQ_Envelope *env; | ||
659 | size_t pres_len = 0; | ||
660 | size_t tkt_len = 0; | ||
661 | ssize_t written; | ||
662 | char *buf; | ||
663 | |||
664 | if (NULL != presentations) | ||
665 | { | ||
666 | pres_len = | ||
667 | GNUNET_RECLAIM_presentation_list_serialize_get_size (presentations); | ||
668 | } | ||
669 | if (NULL != ticket) | ||
670 | tkt_len = GNUNET_RECLAIM_ticket_serialize_get_size (ticket); | ||
671 | env = GNUNET_MQ_msg_extra (irm, | ||
672 | pres_len + tkt_len, | ||
673 | GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_RESULT); | ||
674 | buf = (char*) &irm[1]; | ||
675 | if (NULL != ticket) | ||
676 | { | ||
677 | irm->tkt_len = htons (tkt_len); | ||
678 | written = GNUNET_RECLAIM_write_ticket_to_buffer (ticket, buf, tkt_len); | ||
679 | GNUNET_assert (0 <= written); | ||
680 | buf += written; | ||
681 | } | ||
682 | // TODO add success member | ||
683 | irm->id = htonl (r_id); | ||
684 | irm->presentations_len = htons (pres_len); | ||
685 | if (NULL != presentations) | ||
686 | { | ||
687 | GNUNET_RECLAIM_presentation_list_serialize (presentations, | ||
688 | buf); | ||
689 | } | ||
690 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Sending TICKET_RESULT message\n"); | ||
691 | GNUNET_MQ_send (client->mq, env); | ||
692 | } | ||
693 | |||
694 | |||
695 | /** | ||
696 | * Issue ticket result | ||
697 | * | ||
698 | * @param cls out ticket issue operation handle | ||
699 | * @param ticket the issued ticket | ||
700 | * @param presentations newly created credential presentations (NULL on error) | ||
701 | * @param success issue success status (GNUNET_OK if successful) | ||
702 | * @param emsg error message (NULL of success is GNUNET_OK) | ||
703 | */ | ||
704 | static void | ||
705 | issue_ticket_result_cb (void *cls, | ||
706 | struct GNUNET_RECLAIM_Ticket *ticket, | ||
707 | struct GNUNET_RECLAIM_PresentationList *presentations, | ||
708 | int32_t success, | ||
709 | const char *emsg) | ||
710 | { | ||
711 | struct TicketIssueOperation *tio = cls; | ||
712 | |||
713 | if (GNUNET_OK != success) | ||
714 | { | ||
715 | send_ticket_result (tio->client, tio->r_id, NULL, NULL, GNUNET_SYSERR); | ||
716 | GNUNET_CONTAINER_DLL_remove (tio->client->issue_op_head, | ||
717 | tio->client->issue_op_tail, | ||
718 | tio); | ||
719 | GNUNET_free (tio); | ||
720 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Error issuing ticket: %s\n", emsg); | ||
721 | return; | ||
722 | } | ||
723 | send_ticket_result (tio->client, tio->r_id, | ||
724 | ticket, presentations, GNUNET_SYSERR); | ||
725 | GNUNET_CONTAINER_DLL_remove (tio->client->issue_op_head, | ||
726 | tio->client->issue_op_tail, | ||
727 | tio); | ||
728 | GNUNET_free (tio); | ||
729 | } | ||
730 | |||
731 | |||
732 | /** | ||
733 | * Check issue ticket message | ||
734 | * | ||
735 | * @param cls unused | ||
736 | * @param im message to check | ||
737 | * @return GNUNET_OK if message is ok | ||
738 | */ | ||
739 | static int | ||
740 | check_issue_ticket_message (void *cls, const struct IssueTicketMessage *im) | ||
741 | { | ||
742 | uint16_t size; | ||
743 | size_t attrs_len; | ||
744 | size_t key_len; | ||
745 | size_t pkey_len; | ||
746 | |||
747 | size = ntohs (im->header.size); | ||
748 | attrs_len = ntohs (im->attr_len); | ||
749 | key_len = ntohs (im->key_len); | ||
750 | pkey_len = ntohs (im->pkey_len); | ||
751 | if (size != attrs_len + key_len + pkey_len + sizeof(struct | ||
752 | IssueTicketMessage)) | ||
753 | { | ||
754 | GNUNET_break (0); | ||
755 | return GNUNET_SYSERR; | ||
756 | } | ||
757 | return GNUNET_OK; | ||
758 | } | ||
759 | |||
760 | |||
761 | /** | ||
762 | * Handle ticket issue message | ||
763 | * | ||
764 | * @param cls our client | ||
765 | * @param im the message | ||
766 | */ | ||
767 | static void | ||
768 | handle_issue_ticket_message (void *cls, const struct IssueTicketMessage *im) | ||
769 | { | ||
770 | struct TicketIssueOperation *tio; | ||
771 | struct IdpClient *idp = cls; | ||
772 | struct GNUNET_RECLAIM_AttributeList *attrs; | ||
773 | struct GNUNET_RECLAIM_AttributeListEntry *le; | ||
774 | struct GNUNET_CRYPTO_PrivateKey identity; | ||
775 | struct GNUNET_CRYPTO_PublicKey rp; | ||
776 | size_t attrs_len; | ||
777 | size_t key_len; | ||
778 | size_t pkey_len; | ||
779 | size_t read; | ||
780 | char *buf; | ||
781 | |||
782 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Received ISSUE_TICKET message\n"); | ||
783 | key_len = ntohs (im->key_len); | ||
784 | buf = (char *) &im[1]; | ||
785 | if ((GNUNET_SYSERR == | ||
786 | GNUNET_CRYPTO_read_private_key_from_buffer (buf, key_len, | ||
787 | &identity, &read)) || | ||
788 | (read != key_len)) | ||
789 | { | ||
790 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
791 | "Failed to read private key\n"); | ||
792 | GNUNET_SERVICE_client_drop (idp->client); | ||
793 | return; | ||
794 | } | ||
795 | buf += read; | ||
796 | pkey_len = ntohs (im->pkey_len); | ||
797 | if ((GNUNET_SYSERR == | ||
798 | GNUNET_CRYPTO_read_public_key_from_buffer (buf, pkey_len, | ||
799 | &rp, &read)) || | ||
800 | (read != pkey_len)) | ||
801 | { | ||
802 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
803 | "Failed to read public key\n"); | ||
804 | GNUNET_SERVICE_client_drop (idp->client); | ||
805 | return; | ||
806 | } | ||
807 | buf += read; | ||
808 | tio = GNUNET_new (struct TicketIssueOperation); | ||
809 | attrs_len = ntohs (im->attr_len); | ||
810 | attrs = GNUNET_RECLAIM_attribute_list_deserialize (buf, | ||
811 | attrs_len); | ||
812 | for (le = attrs->list_head; NULL != le; le = le->next) | ||
813 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
814 | "List entry: %s\n", le->attribute->name); | ||
815 | |||
816 | tio->r_id = ntohl (im->id); | ||
817 | tio->client = idp; | ||
818 | GNUNET_CONTAINER_DLL_insert (idp->issue_op_head, idp->issue_op_tail, tio); | ||
819 | RECLAIM_TICKETS_issue (&identity, | ||
820 | attrs, | ||
821 | &rp, | ||
822 | &issue_ticket_result_cb, | ||
823 | tio); | ||
824 | GNUNET_SERVICE_client_continue (idp->client); | ||
825 | GNUNET_RECLAIM_attribute_list_destroy (attrs); | ||
826 | } | ||
827 | |||
828 | |||
829 | /********************************************************** | ||
830 | * Revocation | ||
831 | **********************************************************/ | ||
832 | |||
833 | /** | ||
834 | * Handles revocation result | ||
835 | * | ||
836 | * @param cls our revocation operation handle | ||
837 | * @param success revocation result (GNUNET_OK if successful) | ||
838 | */ | ||
839 | static void | ||
840 | revoke_result_cb (void *cls, int32_t success) | ||
841 | { | ||
842 | struct TicketRevocationOperation *rop = cls; | ||
843 | struct GNUNET_MQ_Envelope *env; | ||
844 | struct RevokeTicketResultMessage *trm; | ||
845 | |||
846 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
847 | "Sending REVOKE_TICKET_RESULT message\n"); | ||
848 | rop->rh = NULL; | ||
849 | env = GNUNET_MQ_msg (trm, GNUNET_MESSAGE_TYPE_RECLAIM_REVOKE_TICKET_RESULT); | ||
850 | trm->id = htonl (rop->r_id); | ||
851 | trm->success = htonl (success); | ||
852 | GNUNET_MQ_send (rop->client->mq, env); | ||
853 | GNUNET_CONTAINER_DLL_remove (rop->client->revoke_op_head, | ||
854 | rop->client->revoke_op_tail, | ||
855 | rop); | ||
856 | GNUNET_free (rop); | ||
857 | } | ||
858 | |||
859 | |||
860 | /** | ||
861 | * Check revocation message format | ||
862 | * | ||
863 | * @param cls unused | ||
864 | * @param im the message to check | ||
865 | * @return GNUNET_OK if message is ok | ||
866 | */ | ||
867 | static int | ||
868 | check_revoke_ticket_message (void *cls, const struct RevokeTicketMessage *im) | ||
869 | { | ||
870 | uint16_t size; | ||
871 | |||
872 | size = ntohs (im->header.size); | ||
873 | if (size != sizeof(struct RevokeTicketMessage)) | ||
874 | { | ||
875 | GNUNET_break (0); | ||
876 | return GNUNET_SYSERR; | ||
877 | } | ||
878 | return GNUNET_OK; | ||
879 | } | ||
880 | |||
881 | |||
882 | /** | ||
883 | * Handle a revocation message to a ticket. | ||
884 | * | ||
885 | * @param cls our client | ||
886 | * @param rm the message to handle | ||
887 | */ | ||
888 | static void | ||
889 | handle_revoke_ticket_message (void *cls, const struct RevokeTicketMessage *rm) | ||
890 | { | ||
891 | struct TicketRevocationOperation *rop; | ||
892 | struct IdpClient *idp = cls; | ||
893 | struct GNUNET_CRYPTO_PrivateKey identity; | ||
894 | struct GNUNET_RECLAIM_Ticket ticket; | ||
895 | size_t key_len; | ||
896 | size_t tkt_len; | ||
897 | size_t read; | ||
898 | char *buf; | ||
899 | |||
900 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Received REVOKE_TICKET message\n"); | ||
901 | key_len = ntohs (rm->key_len); | ||
902 | buf = (char *) &rm[1]; | ||
903 | if ((GNUNET_SYSERR == | ||
904 | GNUNET_CRYPTO_read_private_key_from_buffer (buf, key_len, | ||
905 | &identity, &read)) || | ||
906 | (read != key_len)) | ||
907 | { | ||
908 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
909 | "Failed to read private key\n"); | ||
910 | GNUNET_SERVICE_client_drop (idp->client); | ||
911 | return; | ||
912 | } | ||
913 | buf += read; | ||
914 | tkt_len = ntohs (rm->tkt_len); | ||
915 | if ((GNUNET_SYSERR == | ||
916 | GNUNET_RECLAIM_read_ticket_from_buffer (buf, tkt_len, | ||
917 | &ticket, &read)) || | ||
918 | (read != tkt_len)) | ||
919 | { | ||
920 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
921 | "Failed to read ticket\n"); | ||
922 | GNUNET_SERVICE_client_drop (idp->client); | ||
923 | return; | ||
924 | } | ||
925 | rop = GNUNET_new (struct TicketRevocationOperation); | ||
926 | rop->r_id = ntohl (rm->id); | ||
927 | rop->client = idp; | ||
928 | GNUNET_CONTAINER_DLL_insert (idp->revoke_op_head, idp->revoke_op_tail, rop); | ||
929 | rop->rh | ||
930 | = RECLAIM_TICKETS_revoke (&ticket, &identity, &revoke_result_cb, rop); | ||
931 | GNUNET_SERVICE_client_continue (idp->client); | ||
932 | } | ||
933 | |||
934 | |||
935 | /** | ||
936 | * Handle a ticket consume result | ||
937 | * | ||
938 | * @param cls our consume ticket operation handle | ||
939 | * @param identity the attribute authority | ||
940 | * @param attrs the attribute/claim list | ||
941 | * @param success GNUNET_OK if successful | ||
942 | * @param emsg error message (NULL if success=GNUNET_OK) | ||
943 | */ | ||
944 | static void | ||
945 | consume_result_cb (void *cls, | ||
946 | const struct GNUNET_CRYPTO_PublicKey *identity, | ||
947 | const struct GNUNET_RECLAIM_AttributeList *attrs, | ||
948 | const struct GNUNET_RECLAIM_PresentationList *presentations, | ||
949 | int32_t success, | ||
950 | const char *emsg) | ||
951 | { | ||
952 | struct ConsumeTicketOperation *cop = cls; | ||
953 | struct ConsumeTicketResultMessage *crm; | ||
954 | struct GNUNET_MQ_Envelope *env; | ||
955 | char *data_tmp; | ||
956 | size_t attrs_len = 0; | ||
957 | size_t pres_len = 0; | ||
958 | size_t key_len; | ||
959 | ssize_t written; | ||
960 | |||
961 | if (GNUNET_OK != success) | ||
962 | { | ||
963 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Error consuming ticket: %s\n", emsg); | ||
964 | } | ||
965 | attrs_len = GNUNET_RECLAIM_attribute_list_serialize_get_size (attrs); | ||
966 | pres_len = GNUNET_RECLAIM_presentation_list_serialize_get_size ( | ||
967 | presentations); | ||
968 | key_len = GNUNET_CRYPTO_public_key_get_length (identity); | ||
969 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
970 | "Sending CONSUME_TICKET_RESULT message\n"); | ||
971 | env = GNUNET_MQ_msg_extra (crm, | ||
972 | attrs_len + pres_len + key_len, | ||
973 | GNUNET_MESSAGE_TYPE_RECLAIM_CONSUME_TICKET_RESULT); | ||
974 | crm->id = htonl (cop->r_id); | ||
975 | crm->attrs_len = htons (attrs_len); | ||
976 | crm->presentations_len = htons (pres_len); | ||
977 | crm->key_len = htons (key_len); | ||
978 | crm->result = htons (success); | ||
979 | data_tmp = (char *) &crm[1]; | ||
980 | written = GNUNET_CRYPTO_write_public_key_to_buffer (identity, | ||
981 | data_tmp, | ||
982 | key_len); | ||
983 | GNUNET_assert (0 <= written); | ||
984 | data_tmp += written; | ||
985 | GNUNET_RECLAIM_attribute_list_serialize (attrs, data_tmp); | ||
986 | data_tmp += attrs_len; | ||
987 | GNUNET_RECLAIM_presentation_list_serialize (presentations, data_tmp); | ||
988 | GNUNET_MQ_send (cop->client->mq, env); | ||
989 | GNUNET_CONTAINER_DLL_remove (cop->client->consume_op_head, | ||
990 | cop->client->consume_op_tail, | ||
991 | cop); | ||
992 | GNUNET_free (cop); | ||
993 | } | ||
994 | |||
995 | |||
996 | /** | ||
997 | * Check a consume ticket message | ||
998 | * | ||
999 | * @param cls unused | ||
1000 | * @param cm the message to handle | ||
1001 | */ | ||
1002 | static int | ||
1003 | check_consume_ticket_message (void *cls, const struct ConsumeTicketMessage *cm) | ||
1004 | { | ||
1005 | uint16_t size; | ||
1006 | |||
1007 | size = ntohs (cm->header.size); | ||
1008 | if (size <= sizeof(struct ConsumeTicketMessage)) | ||
1009 | { | ||
1010 | GNUNET_break (0); | ||
1011 | return GNUNET_SYSERR; | ||
1012 | } | ||
1013 | return GNUNET_OK; | ||
1014 | } | ||
1015 | |||
1016 | |||
1017 | /** | ||
1018 | * Handle a consume ticket message | ||
1019 | * | ||
1020 | * @param cls our client handle | ||
1021 | * @param cm the message to handle | ||
1022 | */ | ||
1023 | static void | ||
1024 | handle_consume_ticket_message (void *cls, const struct ConsumeTicketMessage *cm) | ||
1025 | { | ||
1026 | struct ConsumeTicketOperation *cop; | ||
1027 | struct IdpClient *idp = cls; | ||
1028 | struct GNUNET_CRYPTO_PrivateKey identity; | ||
1029 | struct GNUNET_RECLAIM_Ticket ticket; | ||
1030 | size_t key_len; | ||
1031 | size_t tkt_len; | ||
1032 | size_t read; | ||
1033 | char *buf; | ||
1034 | |||
1035 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Received CONSUME_TICKET message\n"); | ||
1036 | key_len = ntohs (cm->key_len); | ||
1037 | buf = (char *) &cm[1]; | ||
1038 | if ((GNUNET_SYSERR == | ||
1039 | GNUNET_CRYPTO_read_private_key_from_buffer (buf, key_len, | ||
1040 | &identity, &read)) || | ||
1041 | (read != key_len)) | ||
1042 | { | ||
1043 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1044 | "Failed to read private key\n"); | ||
1045 | GNUNET_SERVICE_client_drop (idp->client); | ||
1046 | return; | ||
1047 | } | ||
1048 | buf += read; | ||
1049 | tkt_len = ntohs (cm->tkt_len); | ||
1050 | if ((GNUNET_SYSERR == | ||
1051 | GNUNET_RECLAIM_read_ticket_from_buffer (buf, tkt_len, | ||
1052 | &ticket, &read)) || | ||
1053 | (read != tkt_len)) | ||
1054 | { | ||
1055 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1056 | "Failed to read ticket\n"); | ||
1057 | GNUNET_SERVICE_client_drop (idp->client); | ||
1058 | return; | ||
1059 | } | ||
1060 | cop = GNUNET_new (struct ConsumeTicketOperation); | ||
1061 | cop->r_id = ntohl (cm->id); | ||
1062 | cop->client = idp; | ||
1063 | cop->ch | ||
1064 | = RECLAIM_TICKETS_consume (&identity, &ticket, &consume_result_cb, | ||
1065 | cop); | ||
1066 | GNUNET_CONTAINER_DLL_insert (idp->consume_op_head, idp->consume_op_tail, cop); | ||
1067 | GNUNET_SERVICE_client_continue (idp->client); | ||
1068 | } | ||
1069 | |||
1070 | |||
1071 | /***************************************** | ||
1072 | * Attribute store | ||
1073 | *****************************************/ | ||
1074 | |||
1075 | |||
1076 | /** | ||
1077 | * Attribute store result handler | ||
1078 | * | ||
1079 | * @param cls our attribute store handle | ||
1080 | * @param success GNUNET_OK if successful | ||
1081 | * @param emsg error message (NULL if success=GNUNET_OK) | ||
1082 | */ | ||
1083 | static void | ||
1084 | attr_store_cont (void *cls, enum GNUNET_ErrorCode ec) | ||
1085 | { | ||
1086 | struct AttributeStoreHandle *ash = cls; | ||
1087 | struct GNUNET_MQ_Envelope *env; | ||
1088 | struct SuccessResultMessage *acr_msg; | ||
1089 | |||
1090 | ash->ns_qe = NULL; | ||
1091 | GNUNET_CONTAINER_DLL_remove (ash->client->store_op_head, | ||
1092 | ash->client->store_op_tail, | ||
1093 | ash); | ||
1094 | |||
1095 | if (GNUNET_EC_NONE != ec) | ||
1096 | { | ||
1097 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1098 | "Failed to store attribute %s\n", | ||
1099 | GNUNET_ErrorCode_get_hint (ec)); | ||
1100 | cleanup_as_handle (ash); | ||
1101 | GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); | ||
1102 | return; | ||
1103 | } | ||
1104 | |||
1105 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Sending SUCCESS_RESPONSE message\n"); | ||
1106 | env = GNUNET_MQ_msg (acr_msg, GNUNET_MESSAGE_TYPE_RECLAIM_SUCCESS_RESPONSE); | ||
1107 | acr_msg->id = htonl (ash->r_id); | ||
1108 | acr_msg->op_result = htonl (GNUNET_OK); | ||
1109 | GNUNET_MQ_send (ash->client->mq, env); | ||
1110 | cleanup_as_handle (ash); | ||
1111 | } | ||
1112 | |||
1113 | |||
1114 | /** | ||
1115 | * Add a new attribute | ||
1116 | * | ||
1117 | * @param cls the AttributeStoreHandle | ||
1118 | */ | ||
1119 | static void | ||
1120 | attr_store_task (void *cls) | ||
1121 | { | ||
1122 | struct AttributeStoreHandle *ash = cls; | ||
1123 | struct GNUNET_GNSRECORD_Data rd[1]; | ||
1124 | char *buf; | ||
1125 | char *label; | ||
1126 | size_t buf_size; | ||
1127 | |||
1128 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Storing attribute\n"); | ||
1129 | buf_size = GNUNET_RECLAIM_attribute_serialize_get_size (ash->claim); | ||
1130 | buf = GNUNET_malloc (buf_size); | ||
1131 | // Give the ash a new id if unset | ||
1132 | if (GNUNET_YES == GNUNET_RECLAIM_id_is_zero (&ash->claim->id)) | ||
1133 | GNUNET_RECLAIM_id_generate (&ash->claim->id); | ||
1134 | GNUNET_RECLAIM_attribute_serialize (ash->claim, buf); | ||
1135 | label | ||
1136 | = GNUNET_STRINGS_data_to_string_alloc (&ash->claim->id, | ||
1137 | sizeof (ash->claim->id)); | ||
1138 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Encrypting with label %s\n", label); | ||
1139 | |||
1140 | rd[0].data_size = buf_size; | ||
1141 | rd[0].data = buf; | ||
1142 | rd[0].record_type = GNUNET_GNSRECORD_TYPE_RECLAIM_ATTRIBUTE; | ||
1143 | rd[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION; | ||
1144 | rd[0].expiration_time = ash->exp.rel_value_us; | ||
1145 | ash->ns_qe = GNUNET_NAMESTORE_records_store (nsh, | ||
1146 | &ash->identity, | ||
1147 | label, | ||
1148 | 1, | ||
1149 | rd, | ||
1150 | &attr_store_cont, | ||
1151 | ash); | ||
1152 | GNUNET_free (buf); | ||
1153 | GNUNET_free (label); | ||
1154 | } | ||
1155 | |||
1156 | |||
1157 | /** | ||
1158 | * Check an attribute store message | ||
1159 | * | ||
1160 | * @param cls unused | ||
1161 | * @param sam the message to check | ||
1162 | */ | ||
1163 | static int | ||
1164 | check_attribute_store_message (void *cls, | ||
1165 | const struct AttributeStoreMessage *sam) | ||
1166 | { | ||
1167 | uint16_t size; | ||
1168 | |||
1169 | size = ntohs (sam->header.size); | ||
1170 | if (size <= sizeof(struct AttributeStoreMessage)) | ||
1171 | { | ||
1172 | GNUNET_break (0); | ||
1173 | return GNUNET_SYSERR; | ||
1174 | } | ||
1175 | return GNUNET_OK; | ||
1176 | } | ||
1177 | |||
1178 | |||
1179 | /** | ||
1180 | * Handle an attribute store message | ||
1181 | * | ||
1182 | * @param cls our client | ||
1183 | * @param sam the message to handle | ||
1184 | */ | ||
1185 | static void | ||
1186 | handle_attribute_store_message (void *cls, | ||
1187 | const struct AttributeStoreMessage *sam) | ||
1188 | { | ||
1189 | struct AttributeStoreHandle *ash; | ||
1190 | struct IdpClient *idp = cls; | ||
1191 | struct GNUNET_CRYPTO_PrivateKey identity; | ||
1192 | size_t data_len; | ||
1193 | size_t key_len; | ||
1194 | size_t read; | ||
1195 | char *buf; | ||
1196 | |||
1197 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Received ATTRIBUTE_STORE message\n"); | ||
1198 | |||
1199 | data_len = ntohs (sam->attr_len); | ||
1200 | key_len = ntohs (sam->key_len); | ||
1201 | buf = (char *) &sam[1]; | ||
1202 | if ((GNUNET_SYSERR == | ||
1203 | GNUNET_CRYPTO_read_private_key_from_buffer (buf, key_len, | ||
1204 | &identity, &read)) || | ||
1205 | (read != key_len)) | ||
1206 | { | ||
1207 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1208 | "Failed to read private key\n"); | ||
1209 | GNUNET_SERVICE_client_drop (idp->client); | ||
1210 | return; | ||
1211 | } | ||
1212 | buf += read; | ||
1213 | ash = GNUNET_new (struct AttributeStoreHandle); | ||
1214 | GNUNET_RECLAIM_attribute_deserialize (buf, | ||
1215 | data_len, | ||
1216 | &ash->claim); | ||
1217 | |||
1218 | ash->r_id = ntohl (sam->id); | ||
1219 | ash->identity = identity; | ||
1220 | ash->exp.rel_value_us = GNUNET_ntohll (sam->exp); | ||
1221 | GNUNET_CRYPTO_key_get_public (&identity, &ash->identity_pkey); | ||
1222 | |||
1223 | GNUNET_SERVICE_client_continue (idp->client); | ||
1224 | ash->client = idp; | ||
1225 | GNUNET_CONTAINER_DLL_insert (idp->store_op_head, idp->store_op_tail, ash); | ||
1226 | GNUNET_SCHEDULER_add_now (&attr_store_task, ash); | ||
1227 | } | ||
1228 | |||
1229 | |||
1230 | /** | ||
1231 | * Credential store result handler | ||
1232 | * | ||
1233 | * @param cls our attribute store handle | ||
1234 | * @param success GNUNET_OK if successful | ||
1235 | * @param emsg error message (NULL if success=GNUNET_OK) | ||
1236 | */ | ||
1237 | static void | ||
1238 | cred_store_cont (void *cls, enum GNUNET_ErrorCode ec) | ||
1239 | { | ||
1240 | struct AttributeStoreHandle *ash = cls; | ||
1241 | struct GNUNET_MQ_Envelope *env; | ||
1242 | struct SuccessResultMessage *acr_msg; | ||
1243 | |||
1244 | ash->ns_qe = NULL; | ||
1245 | GNUNET_CONTAINER_DLL_remove (ash->client->store_op_head, | ||
1246 | ash->client->store_op_tail, | ||
1247 | ash); | ||
1248 | |||
1249 | if (GNUNET_EC_NONE != ec) | ||
1250 | { | ||
1251 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1252 | "Failed to store credential: %s\n", | ||
1253 | GNUNET_ErrorCode_get_hint (ec)); | ||
1254 | cleanup_as_handle (ash); | ||
1255 | GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); | ||
1256 | return; | ||
1257 | } | ||
1258 | |||
1259 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Sending SUCCESS_RESPONSE message\n"); | ||
1260 | env = GNUNET_MQ_msg (acr_msg, GNUNET_MESSAGE_TYPE_RECLAIM_SUCCESS_RESPONSE); | ||
1261 | acr_msg->id = htonl (ash->r_id); | ||
1262 | acr_msg->op_result = htonl (GNUNET_OK); | ||
1263 | GNUNET_MQ_send (ash->client->mq, env); | ||
1264 | cleanup_as_handle (ash); | ||
1265 | } | ||
1266 | |||
1267 | |||
1268 | /** | ||
1269 | * Error looking up potential credential. Abort. | ||
1270 | * | ||
1271 | * @param cls our attribute store handle | ||
1272 | */ | ||
1273 | static void | ||
1274 | cred_error (void *cls) | ||
1275 | { | ||
1276 | struct AttributeStoreHandle *ash = cls; | ||
1277 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1278 | "Failed to check for existing credential.\n"); | ||
1279 | cleanup_as_handle (ash); | ||
1280 | GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); | ||
1281 | return; | ||
1282 | } | ||
1283 | |||
1284 | |||
1285 | /** | ||
1286 | * Check for existing record before storing credential | ||
1287 | * | ||
1288 | * @param cls our attribute store handle | ||
1289 | * @param zone zone we are iterating | ||
1290 | * @param label label of the records | ||
1291 | * @param rd_count record count | ||
1292 | * @param rd records | ||
1293 | */ | ||
1294 | static void | ||
1295 | cred_add_cb (void *cls, | ||
1296 | const struct GNUNET_CRYPTO_PrivateKey *zone, | ||
1297 | const char *label, | ||
1298 | unsigned int rd_count, | ||
1299 | const struct GNUNET_GNSRECORD_Data *rd) | ||
1300 | { | ||
1301 | struct AttributeStoreHandle *ash = cls; | ||
1302 | struct GNUNET_GNSRECORD_Data rd_new[1]; | ||
1303 | char *buf; | ||
1304 | size_t buf_size; | ||
1305 | |||
1306 | buf_size = GNUNET_RECLAIM_credential_serialize_get_size (ash->credential); | ||
1307 | buf = GNUNET_malloc (buf_size); | ||
1308 | GNUNET_RECLAIM_credential_serialize (ash->credential, buf); | ||
1309 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1310 | "Storing new credential under `%s'.\n", | ||
1311 | label); | ||
1312 | rd_new[0].data_size = buf_size; | ||
1313 | rd_new[0].data = buf; | ||
1314 | rd_new[0].record_type = GNUNET_GNSRECORD_TYPE_RECLAIM_CREDENTIAL; | ||
1315 | rd_new[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION; | ||
1316 | rd_new[0].expiration_time = ash->exp.rel_value_us; | ||
1317 | ash->ns_qe = GNUNET_NAMESTORE_records_store (nsh, | ||
1318 | &ash->identity, | ||
1319 | label, | ||
1320 | 1, | ||
1321 | rd_new, | ||
1322 | &cred_store_cont, | ||
1323 | ash); | ||
1324 | GNUNET_free (buf); | ||
1325 | return; | ||
1326 | } | ||
1327 | |||
1328 | |||
1329 | /** | ||
1330 | * Add a new credential | ||
1331 | * | ||
1332 | * @param cls the AttributeStoreHandle | ||
1333 | */ | ||
1334 | static void | ||
1335 | cred_store_task (void *cls) | ||
1336 | { | ||
1337 | struct AttributeStoreHandle *ash = cls; | ||
1338 | char *label; | ||
1339 | |||
1340 | // Give the ash a new id if unset | ||
1341 | if (GNUNET_YES == GNUNET_RECLAIM_id_is_zero (&ash->credential->id)) | ||
1342 | GNUNET_RECLAIM_id_generate (&ash->credential->id); | ||
1343 | label = GNUNET_STRINGS_data_to_string_alloc (&ash->credential->id, | ||
1344 | sizeof (ash->credential->id)); | ||
1345 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1346 | "Looking up existing data under label `%s'\n", label); | ||
1347 | ash->ns_qe = GNUNET_NAMESTORE_records_lookup (nsh, | ||
1348 | &ash->identity, | ||
1349 | label, | ||
1350 | &cred_error, | ||
1351 | ash, | ||
1352 | &cred_add_cb, | ||
1353 | ash); | ||
1354 | GNUNET_free (label); | ||
1355 | } | ||
1356 | |||
1357 | |||
1358 | /** | ||
1359 | * Check an credential store message | ||
1360 | * | ||
1361 | * @param cls unused | ||
1362 | * @param sam the message to check | ||
1363 | */ | ||
1364 | static int | ||
1365 | check_credential_store_message (void *cls, | ||
1366 | const struct AttributeStoreMessage *sam) | ||
1367 | { | ||
1368 | uint16_t size; | ||
1369 | |||
1370 | size = ntohs (sam->header.size); | ||
1371 | if (size <= sizeof(struct AttributeStoreMessage)) | ||
1372 | { | ||
1373 | GNUNET_break (0); | ||
1374 | return GNUNET_SYSERR; | ||
1375 | } | ||
1376 | return GNUNET_OK; | ||
1377 | } | ||
1378 | |||
1379 | |||
1380 | /** | ||
1381 | * Handle a credential store message | ||
1382 | * | ||
1383 | * @param cls our client | ||
1384 | * @param sam the message to handle | ||
1385 | */ | ||
1386 | static void | ||
1387 | handle_credential_store_message (void *cls, | ||
1388 | const struct AttributeStoreMessage *sam) | ||
1389 | { | ||
1390 | struct AttributeStoreHandle *ash; | ||
1391 | struct IdpClient *idp = cls; | ||
1392 | struct GNUNET_CRYPTO_PrivateKey identity; | ||
1393 | size_t data_len; | ||
1394 | size_t key_len; | ||
1395 | size_t read; | ||
1396 | char *buf; | ||
1397 | |||
1398 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Received CREDENTIAL_STORE message\n"); | ||
1399 | |||
1400 | data_len = ntohs (sam->attr_len); | ||
1401 | key_len = ntohs (sam->key_len); | ||
1402 | buf = (char *) &sam[1]; | ||
1403 | if ((GNUNET_SYSERR == | ||
1404 | GNUNET_CRYPTO_read_private_key_from_buffer (buf, key_len, | ||
1405 | &identity, &read)) || | ||
1406 | (read != key_len)) | ||
1407 | { | ||
1408 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1409 | "Failed to read private key\n"); | ||
1410 | GNUNET_SERVICE_client_drop (idp->client); | ||
1411 | return; | ||
1412 | } | ||
1413 | buf += read; | ||
1414 | ash = GNUNET_new (struct AttributeStoreHandle); | ||
1415 | ash->credential = GNUNET_RECLAIM_credential_deserialize (buf, | ||
1416 | data_len); | ||
1417 | |||
1418 | ash->r_id = ntohl (sam->id); | ||
1419 | ash->identity = identity; | ||
1420 | ash->exp.rel_value_us = GNUNET_ntohll (sam->exp); | ||
1421 | GNUNET_CRYPTO_key_get_public (&identity, &ash->identity_pkey); | ||
1422 | |||
1423 | GNUNET_SERVICE_client_continue (idp->client); | ||
1424 | ash->client = idp; | ||
1425 | GNUNET_CONTAINER_DLL_insert (idp->store_op_head, idp->store_op_tail, ash); | ||
1426 | GNUNET_SCHEDULER_add_now (&cred_store_task, ash); | ||
1427 | } | ||
1428 | |||
1429 | |||
1430 | /** | ||
1431 | * Send a deletion success response | ||
1432 | * | ||
1433 | * @param adh our attribute deletion handle | ||
1434 | * @param success the success status | ||
1435 | */ | ||
1436 | static void | ||
1437 | send_delete_response (struct AttributeDeleteHandle *adh, int32_t success) | ||
1438 | { | ||
1439 | struct GNUNET_MQ_Envelope *env; | ||
1440 | struct SuccessResultMessage *acr_msg; | ||
1441 | |||
1442 | GNUNET_CONTAINER_DLL_remove (adh->client->delete_op_head, | ||
1443 | adh->client->delete_op_tail, | ||
1444 | adh); | ||
1445 | |||
1446 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Sending SUCCESS_RESPONSE message\n"); | ||
1447 | env = GNUNET_MQ_msg (acr_msg, GNUNET_MESSAGE_TYPE_RECLAIM_SUCCESS_RESPONSE); | ||
1448 | acr_msg->id = htonl (adh->r_id); | ||
1449 | acr_msg->op_result = htonl (success); | ||
1450 | GNUNET_MQ_send (adh->client->mq, env); | ||
1451 | } | ||
1452 | |||
1453 | |||
1454 | /** | ||
1455 | * Namestore iteration within attribute deletion. | ||
1456 | * We need to reissue tickets with the deleted attribute removed. | ||
1457 | * | ||
1458 | * @param cls our attribute deletion handle | ||
1459 | * @param zone the private key of the ticket issuer | ||
1460 | * @param label the label of the record | ||
1461 | * @param rd_count number of records | ||
1462 | * @param rd record data | ||
1463 | */ | ||
1464 | static void | ||
1465 | consistency_iter (void *cls, | ||
1466 | const struct GNUNET_CRYPTO_PrivateKey *zone, | ||
1467 | const char *label, | ||
1468 | unsigned int rd_count, | ||
1469 | const struct GNUNET_GNSRECORD_Data *rd) | ||
1470 | { | ||
1471 | struct AttributeDeleteHandle *adh = cls; | ||
1472 | struct TicketRecordsEntry *le; | ||
1473 | struct GNUNET_RECLAIM_AttributeListEntry *ale; | ||
1474 | struct GNUNET_RECLAIM_CredentialListEntry *cle; | ||
1475 | int is_ticket = GNUNET_NO; | ||
1476 | for (int i = 0; i < rd_count; i++) | ||
1477 | { | ||
1478 | switch (rd[i].record_type) | ||
1479 | { | ||
1480 | case GNUNET_GNSRECORD_TYPE_RECLAIM_ATTRIBUTE: | ||
1481 | ale = GNUNET_new (struct GNUNET_RECLAIM_AttributeListEntry); | ||
1482 | GNUNET_RECLAIM_attribute_deserialize (rd[i].data, | ||
1483 | rd[i].data_size, | ||
1484 | &ale->attribute); | ||
1485 | GNUNET_CONTAINER_DLL_insert (adh->existing_attributes->list_head, | ||
1486 | adh->existing_attributes->list_tail, | ||
1487 | ale); | ||
1488 | break; | ||
1489 | case GNUNET_GNSRECORD_TYPE_RECLAIM_CREDENTIAL: | ||
1490 | cle = GNUNET_new (struct GNUNET_RECLAIM_CredentialListEntry); | ||
1491 | cle->credential = GNUNET_RECLAIM_credential_deserialize (rd[i].data, | ||
1492 | rd[i].data_size); | ||
1493 | GNUNET_CONTAINER_DLL_insert (adh->existing_credentials->list_head, | ||
1494 | adh->existing_credentials->list_tail, | ||
1495 | cle); | ||
1496 | break; | ||
1497 | case GNUNET_GNSRECORD_TYPE_RECLAIM_TICKET: | ||
1498 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1499 | "Ticket to delete found (%s)\n", | ||
1500 | label); | ||
1501 | is_ticket = GNUNET_YES; | ||
1502 | break; | ||
1503 | default: | ||
1504 | break; | ||
1505 | } | ||
1506 | if (GNUNET_YES == is_ticket) | ||
1507 | break; | ||
1508 | } | ||
1509 | if (GNUNET_YES == is_ticket) | ||
1510 | { | ||
1511 | le = GNUNET_new (struct TicketRecordsEntry); | ||
1512 | le->data_size = GNUNET_GNSRECORD_records_get_size (rd_count, rd); | ||
1513 | le->data = GNUNET_malloc (le->data_size); | ||
1514 | le->rd_count = rd_count; | ||
1515 | le->label = GNUNET_strdup (label); | ||
1516 | GNUNET_GNSRECORD_records_serialize (rd_count, rd, le->data_size, le->data); | ||
1517 | GNUNET_CONTAINER_DLL_insert (adh->tickets_to_update_head, | ||
1518 | adh->tickets_to_update_tail, | ||
1519 | le); | ||
1520 | } | ||
1521 | GNUNET_NAMESTORE_zone_iterator_next (adh->ns_it, 1); | ||
1522 | } | ||
1523 | |||
1524 | |||
1525 | /** | ||
1526 | * Recursion prototype for function | ||
1527 | * @param cls our deletion handle | ||
1528 | */ | ||
1529 | static void | ||
1530 | update_tickets (void *cls); | ||
1531 | |||
1532 | |||
1533 | /** | ||
1534 | * Callback called when a ticket was updated | ||
1535 | * | ||
1536 | * @param cls our attribute deletion handle | ||
1537 | * @param success GNUNET_OK if successful | ||
1538 | * @param emsg error message (NULL if success=GNUNET_OK) | ||
1539 | */ | ||
1540 | static void | ||
1541 | ticket_updated (void *cls, enum GNUNET_ErrorCode ec) | ||
1542 | { | ||
1543 | struct AttributeDeleteHandle *adh = cls; | ||
1544 | |||
1545 | adh->ns_qe = NULL; | ||
1546 | GNUNET_SCHEDULER_add_now (&update_tickets, adh); | ||
1547 | } | ||
1548 | |||
1549 | |||
1550 | /** | ||
1551 | * Update tickets: Remove shared attribute which has just been deleted. | ||
1552 | * This method is called recursively until all tickets are processed. | ||
1553 | * Eventually, the updated tickets are stored using ``update_tickets''. | ||
1554 | * | ||
1555 | * @param cls our attribute deletion handle | ||
1556 | */ | ||
1557 | static void | ||
1558 | update_tickets (void *cls) | ||
1559 | { | ||
1560 | struct AttributeDeleteHandle *adh = cls; | ||
1561 | struct TicketRecordsEntry *le; | ||
1562 | |||
1563 | if (NULL == adh->tickets_to_update_head) | ||
1564 | { | ||
1565 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1566 | "Finished updating tickets, success\n"); | ||
1567 | send_delete_response (adh, GNUNET_OK); | ||
1568 | cleanup_adh (adh); | ||
1569 | return; | ||
1570 | } | ||
1571 | le = adh->tickets_to_update_head; | ||
1572 | GNUNET_CONTAINER_DLL_remove (adh->tickets_to_update_head, | ||
1573 | adh->tickets_to_update_tail, | ||
1574 | le); | ||
1575 | struct GNUNET_GNSRECORD_Data rd[le->rd_count]; | ||
1576 | struct GNUNET_GNSRECORD_Data rd_new[le->rd_count - 1]; | ||
1577 | if (GNUNET_OK != GNUNET_GNSRECORD_records_deserialize (le->data_size, | ||
1578 | le->data, | ||
1579 | le->rd_count, | ||
1580 | rd)) | ||
1581 | { | ||
1582 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1583 | "Unable to deserialize record data!\n"); | ||
1584 | send_delete_response (adh, GNUNET_SYSERR); | ||
1585 | cleanup_adh (adh); | ||
1586 | return; | ||
1587 | } | ||
1588 | int j = 0; | ||
1589 | int i = 0; | ||
1590 | struct GNUNET_RECLAIM_AttributeListEntry *ale; | ||
1591 | struct GNUNET_RECLAIM_CredentialListEntry *cle; | ||
1592 | struct GNUNET_RECLAIM_Presentation *presentation; | ||
1593 | for (i = 0; i < le->rd_count; i++) | ||
1594 | { | ||
1595 | switch (rd[i].record_type) | ||
1596 | { | ||
1597 | case GNUNET_GNSRECORD_TYPE_RECLAIM_ATTRIBUTE_REF: | ||
1598 | for (ale = adh->existing_attributes->list_head; NULL != ale; ale = | ||
1599 | ale->next) | ||
1600 | { | ||
1601 | if (GNUNET_YES == GNUNET_RECLAIM_id_is_equal (rd[i].data, | ||
1602 | &ale->attribute->id)) | ||
1603 | { | ||
1604 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1605 | "Found attribute %s, readding...\n", | ||
1606 | ale->attribute->name); | ||
1607 | rd_new[j] = rd[i]; | ||
1608 | j++; | ||
1609 | break; // Found and added | ||
1610 | } | ||
1611 | } | ||
1612 | break; | ||
1613 | case GNUNET_GNSRECORD_TYPE_RECLAIM_PRESENTATION: | ||
1614 | presentation = GNUNET_RECLAIM_presentation_deserialize (rd[i].data, | ||
1615 | rd[i].data_size); | ||
1616 | for (cle = adh->existing_credentials->list_head; NULL != cle; cle = | ||
1617 | cle->next) | ||
1618 | { | ||
1619 | if (GNUNET_YES == GNUNET_RECLAIM_id_is_equal ( | ||
1620 | &presentation->credential_id, | ||
1621 | &cle->credential->id)) | ||
1622 | { | ||
1623 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1624 | "Found presentation for credential %s, readding...\n", | ||
1625 | cle->credential->name); | ||
1626 | rd_new[j] = rd[i]; | ||
1627 | j++; | ||
1628 | break; // Found and added | ||
1629 | } | ||
1630 | } | ||
1631 | GNUNET_free (presentation); | ||
1632 | break; | ||
1633 | case GNUNET_GNSRECORD_TYPE_RECLAIM_TICKET: | ||
1634 | rd_new[j] = rd[i]; | ||
1635 | j++; | ||
1636 | break; // Found and added | ||
1637 | default: | ||
1638 | GNUNET_break (0); | ||
1639 | } | ||
1640 | } | ||
1641 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1642 | "Updating ticket with %d entries (%d before)...\n", | ||
1643 | j, i); | ||
1644 | adh->ns_qe = GNUNET_NAMESTORE_records_store (nsh, | ||
1645 | &adh->identity, | ||
1646 | le->label, | ||
1647 | j, | ||
1648 | rd_new, | ||
1649 | &ticket_updated, | ||
1650 | adh); | ||
1651 | GNUNET_free (le->label); | ||
1652 | GNUNET_free (le->data); | ||
1653 | GNUNET_free (le); | ||
1654 | } | ||
1655 | |||
1656 | |||
1657 | /** | ||
1658 | * Delete all attributes which reference credentials | ||
1659 | * that no longer exist | ||
1660 | */ | ||
1661 | static void | ||
1662 | purge_attributes (void *cls);; | ||
1663 | |||
1664 | static void | ||
1665 | offending_attr_delete_cont (void *cls, enum GNUNET_ErrorCode ec) | ||
1666 | { | ||
1667 | struct AttributeDeleteHandle *adh = cls; | ||
1668 | |||
1669 | adh->ns_qe = NULL; | ||
1670 | if (GNUNET_EC_NONE != ec) | ||
1671 | { | ||
1672 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1673 | "Error deleting attribute %s\n", | ||
1674 | adh->label); | ||
1675 | send_delete_response (adh, GNUNET_SYSERR); | ||
1676 | cleanup_adh (adh); | ||
1677 | return; | ||
1678 | } | ||
1679 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Continuing consistency check...\n"); | ||
1680 | GNUNET_SCHEDULER_add_now (&purge_attributes, adh); | ||
1681 | } | ||
1682 | |||
1683 | |||
1684 | /** | ||
1685 | * Delete all attributes which reference credentials | ||
1686 | * that no longer exist | ||
1687 | */ | ||
1688 | static void | ||
1689 | purge_attributes (void *cls) | ||
1690 | { | ||
1691 | struct AttributeDeleteHandle *adh = cls; | ||
1692 | struct GNUNET_RECLAIM_AttributeListEntry *ale; | ||
1693 | struct GNUNET_RECLAIM_CredentialListEntry *cle; | ||
1694 | |||
1695 | for (ale = adh->existing_attributes->list_head; NULL != ale; ale = ale->next) | ||
1696 | { | ||
1697 | if (GNUNET_YES == | ||
1698 | GNUNET_RECLAIM_id_is_zero (&ale->attribute->credential)) | ||
1699 | continue; | ||
1700 | |||
1701 | for (cle = adh->existing_credentials->list_head; | ||
1702 | NULL != cle; cle = cle->next) | ||
1703 | { | ||
1704 | if (GNUNET_YES != | ||
1705 | GNUNET_RECLAIM_id_is_equal (&cle->credential->id, | ||
1706 | &ale->attribute->credential)) | ||
1707 | continue; | ||
1708 | break; | ||
1709 | } | ||
1710 | if (NULL == cle) | ||
1711 | { | ||
1712 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
1713 | "Found attribute with missing credential\n"); | ||
1714 | break; | ||
1715 | } | ||
1716 | } | ||
1717 | if (NULL == ale) | ||
1718 | { | ||
1719 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1720 | "Attributes consistent, updating tickets.\n"); | ||
1721 | GNUNET_SCHEDULER_add_now (&update_tickets, adh); | ||
1722 | return; | ||
1723 | } | ||
1724 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1725 | "Attributes inconsistent, deleting offending attribute.\n"); | ||
1726 | char *label | ||
1727 | = GNUNET_STRINGS_data_to_string_alloc (&ale->attribute->id, | ||
1728 | sizeof(ale->attribute->id)); | ||
1729 | |||
1730 | adh->ns_qe = GNUNET_NAMESTORE_records_store (nsh, | ||
1731 | &adh->identity, | ||
1732 | label, | ||
1733 | 0, | ||
1734 | NULL, | ||
1735 | &offending_attr_delete_cont, | ||
1736 | adh); | ||
1737 | GNUNET_CONTAINER_DLL_remove (adh->existing_attributes->list_head, | ||
1738 | adh->existing_attributes->list_tail, | ||
1739 | ale); | ||
1740 | GNUNET_free (ale); | ||
1741 | GNUNET_free (label); | ||
1742 | } | ||
1743 | |||
1744 | |||
1745 | /** | ||
1746 | * Done collecting affected tickets, start updating. | ||
1747 | * | ||
1748 | * @param cls our attribute deletion handle | ||
1749 | */ | ||
1750 | static void | ||
1751 | consistency_iter_fin (void *cls) | ||
1752 | { | ||
1753 | struct AttributeDeleteHandle *adh = cls; | ||
1754 | adh->ns_it = NULL; | ||
1755 | GNUNET_SCHEDULER_add_now (&purge_attributes, adh); | ||
1756 | } | ||
1757 | |||
1758 | |||
1759 | /** | ||
1760 | * Error collecting affected tickets. Abort. | ||
1761 | * | ||
1762 | * @param cls our attribute deletion handle | ||
1763 | */ | ||
1764 | static void | ||
1765 | consistency_iter_err (void *cls) | ||
1766 | { | ||
1767 | struct AttributeDeleteHandle *adh = cls; | ||
1768 | |||
1769 | adh->ns_it = NULL; | ||
1770 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1771 | "Namestore error on consistency check\n"); | ||
1772 | send_delete_response (adh, GNUNET_SYSERR); | ||
1773 | cleanup_adh (adh); | ||
1774 | } | ||
1775 | |||
1776 | |||
1777 | /** | ||
1778 | * Start processing tickets which may still contain reference to deleted | ||
1779 | * attribute. | ||
1780 | * | ||
1781 | * @param cls attribute deletion handle | ||
1782 | */ | ||
1783 | static void | ||
1784 | start_consistency_update (void *cls) | ||
1785 | { | ||
1786 | struct AttributeDeleteHandle *adh = cls; | ||
1787 | |||
1788 | adh->existing_attributes = GNUNET_new (struct GNUNET_RECLAIM_AttributeList); | ||
1789 | adh->existing_credentials = GNUNET_new (struct GNUNET_RECLAIM_CredentialList); | ||
1790 | |||
1791 | adh->ns_it = GNUNET_NAMESTORE_zone_iteration_start (nsh, | ||
1792 | &adh->identity, | ||
1793 | &consistency_iter_err, | ||
1794 | adh, | ||
1795 | &consistency_iter, | ||
1796 | adh, | ||
1797 | &consistency_iter_fin, | ||
1798 | adh); | ||
1799 | } | ||
1800 | |||
1801 | |||
1802 | /** | ||
1803 | * Attribute deleted callback | ||
1804 | * | ||
1805 | * @param cls our handle | ||
1806 | * @param success success status | ||
1807 | * @param emsg error message (NULL if success=GNUNET_OK) | ||
1808 | */ | ||
1809 | static void | ||
1810 | attr_delete_cont (void *cls, enum GNUNET_ErrorCode ec) | ||
1811 | { | ||
1812 | struct AttributeDeleteHandle *adh = cls; | ||
1813 | |||
1814 | adh->ns_qe = NULL; | ||
1815 | if (GNUNET_EC_NONE != ec) | ||
1816 | { | ||
1817 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1818 | "Error deleting attribute %s\n", | ||
1819 | adh->label); | ||
1820 | send_delete_response (adh, GNUNET_SYSERR); | ||
1821 | cleanup_adh (adh); | ||
1822 | return; | ||
1823 | } | ||
1824 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Updating tickets...\n"); | ||
1825 | GNUNET_SCHEDULER_add_now (&start_consistency_update, adh); | ||
1826 | } | ||
1827 | |||
1828 | |||
1829 | /** | ||
1830 | * Check attribute delete message format | ||
1831 | * | ||
1832 | * @param cls unused | ||
1833 | * @param dam message to check | ||
1834 | */ | ||
1835 | static int | ||
1836 | check_attribute_delete_message (void *cls, | ||
1837 | const struct AttributeDeleteMessage *dam) | ||
1838 | { | ||
1839 | uint16_t size; | ||
1840 | |||
1841 | size = ntohs (dam->header.size); | ||
1842 | if (size <= sizeof(struct AttributeDeleteMessage)) | ||
1843 | { | ||
1844 | GNUNET_break (0); | ||
1845 | return GNUNET_SYSERR; | ||
1846 | } | ||
1847 | return GNUNET_OK; | ||
1848 | } | ||
1849 | |||
1850 | |||
1851 | /** | ||
1852 | * Handle attribute deletion | ||
1853 | * | ||
1854 | * @param cls our client | ||
1855 | * @param dam deletion message | ||
1856 | */ | ||
1857 | static void | ||
1858 | handle_attribute_delete_message (void *cls, | ||
1859 | const struct AttributeDeleteMessage *dam) | ||
1860 | { | ||
1861 | struct AttributeDeleteHandle *adh; | ||
1862 | struct IdpClient *idp = cls; | ||
1863 | struct GNUNET_CRYPTO_PrivateKey identity; | ||
1864 | size_t data_len; | ||
1865 | size_t key_len; | ||
1866 | size_t read; | ||
1867 | char *buf; | ||
1868 | |||
1869 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Received ATTRIBUTE_DELETE message\n"); | ||
1870 | |||
1871 | data_len = ntohs (dam->attr_len); | ||
1872 | key_len = ntohs (dam->key_len); | ||
1873 | buf = (char *) &dam[1]; | ||
1874 | if ((GNUNET_SYSERR == | ||
1875 | GNUNET_CRYPTO_read_private_key_from_buffer (buf, key_len, | ||
1876 | &identity, &read)) || | ||
1877 | (read != key_len)) | ||
1878 | { | ||
1879 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1880 | "Failed to read private key\n"); | ||
1881 | GNUNET_SERVICE_client_drop (idp->client); | ||
1882 | return; | ||
1883 | } | ||
1884 | buf += read; | ||
1885 | adh = GNUNET_new (struct AttributeDeleteHandle); | ||
1886 | GNUNET_RECLAIM_attribute_deserialize (buf, | ||
1887 | data_len, | ||
1888 | &adh->claim); | ||
1889 | adh->credential = NULL; | ||
1890 | |||
1891 | adh->r_id = ntohl (dam->id); | ||
1892 | adh->identity = identity; | ||
1893 | adh->label | ||
1894 | = GNUNET_STRINGS_data_to_string_alloc (&adh->claim->id, | ||
1895 | sizeof(adh->claim->id)); | ||
1896 | GNUNET_SERVICE_client_continue (idp->client); | ||
1897 | adh->client = idp; | ||
1898 | GNUNET_CONTAINER_DLL_insert (idp->delete_op_head, idp->delete_op_tail, adh); | ||
1899 | adh->ns_qe = GNUNET_NAMESTORE_records_store (nsh, | ||
1900 | &adh->identity, | ||
1901 | adh->label, | ||
1902 | 0, | ||
1903 | NULL, | ||
1904 | &attr_delete_cont, | ||
1905 | adh); | ||
1906 | } | ||
1907 | |||
1908 | |||
1909 | /** | ||
1910 | * Credential deleted callback | ||
1911 | * | ||
1912 | * @param cls our handle | ||
1913 | * @param success success status | ||
1914 | * @param emsg error message (NULL if success=GNUNET_OK) | ||
1915 | */ | ||
1916 | static void | ||
1917 | cred_delete_cont (void *cls, enum GNUNET_ErrorCode ec) | ||
1918 | { | ||
1919 | struct AttributeDeleteHandle *adh = cls; | ||
1920 | |||
1921 | adh->ns_qe = NULL; | ||
1922 | if (GNUNET_EC_NONE != ec) | ||
1923 | { | ||
1924 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1925 | "Error deleting credential `%s'\n", | ||
1926 | adh->label); | ||
1927 | send_delete_response (adh, GNUNET_SYSERR); | ||
1928 | cleanup_adh (adh); | ||
1929 | return; | ||
1930 | } | ||
1931 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Updating tickets...\n"); | ||
1932 | GNUNET_SCHEDULER_add_now (&start_consistency_update, adh); | ||
1933 | } | ||
1934 | |||
1935 | |||
1936 | /** | ||
1937 | * Check credential delete message format | ||
1938 | * | ||
1939 | * @param cls unused | ||
1940 | * @param dam message to check | ||
1941 | */ | ||
1942 | static int | ||
1943 | check_credential_delete_message (void *cls, | ||
1944 | const struct AttributeDeleteMessage *dam) | ||
1945 | { | ||
1946 | uint16_t size; | ||
1947 | |||
1948 | size = ntohs (dam->header.size); | ||
1949 | if (size <= sizeof(struct AttributeDeleteMessage)) | ||
1950 | { | ||
1951 | GNUNET_break (0); | ||
1952 | return GNUNET_SYSERR; | ||
1953 | } | ||
1954 | return GNUNET_OK; | ||
1955 | } | ||
1956 | |||
1957 | |||
1958 | /** | ||
1959 | * Handle credential deletion | ||
1960 | * | ||
1961 | * @param cls our client | ||
1962 | * @param dam deletion message | ||
1963 | */ | ||
1964 | static void | ||
1965 | handle_credential_delete_message (void *cls, | ||
1966 | const struct AttributeDeleteMessage *dam) | ||
1967 | { | ||
1968 | struct AttributeDeleteHandle *adh; | ||
1969 | struct IdpClient *idp = cls; | ||
1970 | struct GNUNET_CRYPTO_PrivateKey identity; | ||
1971 | size_t data_len; | ||
1972 | size_t key_len; | ||
1973 | size_t read; | ||
1974 | char *buf; | ||
1975 | |||
1976 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Received CREDENTIAL_DELETE message\n"); | ||
1977 | |||
1978 | data_len = ntohs (dam->attr_len); | ||
1979 | key_len = ntohs (dam->key_len); | ||
1980 | buf = (char *) &dam[1]; | ||
1981 | if ((GNUNET_SYSERR == | ||
1982 | GNUNET_CRYPTO_read_private_key_from_buffer (buf, key_len, | ||
1983 | &identity, &read)) || | ||
1984 | (read != key_len)) | ||
1985 | { | ||
1986 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1987 | "Failed to read private key\n"); | ||
1988 | GNUNET_SERVICE_client_drop (idp->client); | ||
1989 | return; | ||
1990 | } | ||
1991 | buf += read; | ||
1992 | adh = GNUNET_new (struct AttributeDeleteHandle); | ||
1993 | adh->credential = GNUNET_RECLAIM_credential_deserialize (buf, | ||
1994 | data_len); | ||
1995 | adh->claim = NULL; | ||
1996 | |||
1997 | adh->r_id = ntohl (dam->id); | ||
1998 | adh->identity = identity; | ||
1999 | adh->label | ||
2000 | = GNUNET_STRINGS_data_to_string_alloc (&adh->credential->id, | ||
2001 | sizeof(adh->credential->id)); | ||
2002 | GNUNET_SERVICE_client_continue (idp->client); | ||
2003 | adh->client = idp; | ||
2004 | GNUNET_CONTAINER_DLL_insert (idp->delete_op_head, idp->delete_op_tail, adh); | ||
2005 | adh->ns_qe = GNUNET_NAMESTORE_records_store (nsh, | ||
2006 | &adh->identity, | ||
2007 | adh->label, | ||
2008 | 0, | ||
2009 | NULL, | ||
2010 | &cred_delete_cont, | ||
2011 | adh); | ||
2012 | } | ||
2013 | |||
2014 | |||
2015 | /************************************************* | ||
2016 | * Attribute iteration | ||
2017 | *************************************************/ | ||
2018 | |||
2019 | |||
2020 | /** | ||
2021 | * Done iterating over attributes | ||
2022 | * | ||
2023 | * @param cls our iterator handle | ||
2024 | */ | ||
2025 | static void | ||
2026 | attr_iter_finished (void *cls) | ||
2027 | { | ||
2028 | struct Iterator *ai = cls; | ||
2029 | struct GNUNET_MQ_Envelope *env; | ||
2030 | struct AttributeResultMessage *arm; | ||
2031 | |||
2032 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Sending ATTRIBUTE_RESULT message\n"); | ||
2033 | env = GNUNET_MQ_msg (arm, GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_RESULT); | ||
2034 | arm->id = htonl (ai->request_id); | ||
2035 | arm->attr_len = htons (0); | ||
2036 | arm->pkey_len = htons (0); | ||
2037 | GNUNET_MQ_send (ai->client->mq, env); | ||
2038 | GNUNET_CONTAINER_DLL_remove (ai->client->attr_iter_head, | ||
2039 | ai->client->attr_iter_tail, | ||
2040 | ai); | ||
2041 | GNUNET_free (ai); | ||
2042 | } | ||
2043 | |||
2044 | |||
2045 | /** | ||
2046 | * Error iterating over attributes. Abort. | ||
2047 | * | ||
2048 | * @param cls our attribute iteration handle | ||
2049 | */ | ||
2050 | static void | ||
2051 | attr_iter_error (void *cls) | ||
2052 | { | ||
2053 | struct Iterator *ai = cls; | ||
2054 | |||
2055 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to iterate over attributes\n"); | ||
2056 | attr_iter_finished (ai); | ||
2057 | } | ||
2058 | |||
2059 | |||
2060 | /** | ||
2061 | * Got record. Return if it is an attribute. | ||
2062 | * | ||
2063 | * @param cls our attribute iterator | ||
2064 | * @param zone zone we are iterating | ||
2065 | * @param label label of the records | ||
2066 | * @param rd_count record count | ||
2067 | * @param rd records | ||
2068 | */ | ||
2069 | static void | ||
2070 | attr_iter_cb (void *cls, | ||
2071 | const struct GNUNET_CRYPTO_PrivateKey *zone, | ||
2072 | const char *label, | ||
2073 | unsigned int rd_count, | ||
2074 | const struct GNUNET_GNSRECORD_Data *rd) | ||
2075 | { | ||
2076 | struct Iterator *ai = cls; | ||
2077 | struct GNUNET_MQ_Envelope *env; | ||
2078 | struct GNUNET_CRYPTO_PublicKey identity; | ||
2079 | char *data_tmp; | ||
2080 | size_t key_len; | ||
2081 | ssize_t written; | ||
2082 | |||
2083 | if ((rd_count != 1) || | ||
2084 | (GNUNET_GNSRECORD_TYPE_RECLAIM_ATTRIBUTE != rd->record_type)) | ||
2085 | { | ||
2086 | GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it, 1); | ||
2087 | return; | ||
2088 | } | ||
2089 | struct AttributeResultMessage *arm; | ||
2090 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Found attribute under: %s\n", | ||
2091 | label); | ||
2092 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2093 | "Sending ATTRIBUTE_RESULT message\n"); | ||
2094 | GNUNET_CRYPTO_key_get_public (zone, &identity); | ||
2095 | key_len = GNUNET_CRYPTO_public_key_get_length (&identity); | ||
2096 | env = GNUNET_MQ_msg_extra (arm, | ||
2097 | rd->data_size + key_len, | ||
2098 | GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_RESULT); | ||
2099 | arm->id = htonl (ai->request_id); | ||
2100 | arm->attr_len = htons (rd->data_size); | ||
2101 | data_tmp = (char *) &arm[1]; | ||
2102 | arm->pkey_len = htons (key_len); | ||
2103 | written = GNUNET_CRYPTO_write_public_key_to_buffer (&identity, | ||
2104 | data_tmp, | ||
2105 | key_len); | ||
2106 | GNUNET_assert (0 <= written); | ||
2107 | data_tmp += written; | ||
2108 | GNUNET_memcpy (data_tmp, rd->data, rd->data_size); | ||
2109 | GNUNET_MQ_send (ai->client->mq, env); | ||
2110 | } | ||
2111 | |||
2112 | |||
2113 | static enum GNUNET_GenericReturnValue | ||
2114 | check_iteration_start ( | ||
2115 | void *cls, | ||
2116 | const struct AttributeIterationStartMessage *ais_msg) | ||
2117 | { | ||
2118 | uint16_t size; | ||
2119 | size_t key_len; | ||
2120 | |||
2121 | size = ntohs (ais_msg->header.size); | ||
2122 | key_len = ntohs (ais_msg->key_len); | ||
2123 | |||
2124 | if (size < key_len + sizeof(*ais_msg)) | ||
2125 | { | ||
2126 | GNUNET_break (0); | ||
2127 | return GNUNET_SYSERR; | ||
2128 | } | ||
2129 | return GNUNET_OK; | ||
2130 | } | ||
2131 | |||
2132 | /** | ||
2133 | * Iterate over zone to get attributes | ||
2134 | * | ||
2135 | * @param cls our client | ||
2136 | * @param ais_msg the iteration message to start | ||
2137 | */ | ||
2138 | static void | ||
2139 | handle_iteration_start (void *cls, | ||
2140 | const struct AttributeIterationStartMessage *ais_msg) | ||
2141 | { | ||
2142 | struct IdpClient *idp = cls; | ||
2143 | struct Iterator *ai; | ||
2144 | struct GNUNET_CRYPTO_PrivateKey identity; | ||
2145 | size_t key_len; | ||
2146 | size_t read; | ||
2147 | |||
2148 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2149 | "Received ATTRIBUTE_ITERATION_START message\n"); | ||
2150 | key_len = ntohs (ais_msg->key_len); | ||
2151 | if ((GNUNET_SYSERR == | ||
2152 | GNUNET_CRYPTO_read_private_key_from_buffer (&ais_msg[1], | ||
2153 | key_len, | ||
2154 | &identity, | ||
2155 | &read)) || | ||
2156 | (read != key_len)) | ||
2157 | { | ||
2158 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
2159 | "Failed to read private key.\n"); | ||
2160 | GNUNET_SERVICE_client_drop (idp->client); | ||
2161 | return; | ||
2162 | } | ||
2163 | ai = GNUNET_new (struct Iterator); | ||
2164 | ai->request_id = ntohl (ais_msg->id); | ||
2165 | ai->client = idp; | ||
2166 | ai->identity = identity; | ||
2167 | |||
2168 | GNUNET_CONTAINER_DLL_insert (idp->attr_iter_head, idp->attr_iter_tail, ai); | ||
2169 | ai->ns_it = GNUNET_NAMESTORE_zone_iteration_start (nsh, | ||
2170 | &ai->identity, | ||
2171 | &attr_iter_error, | ||
2172 | ai, | ||
2173 | &attr_iter_cb, | ||
2174 | ai, | ||
2175 | &attr_iter_finished, | ||
2176 | ai); | ||
2177 | GNUNET_SERVICE_client_continue (idp->client); | ||
2178 | } | ||
2179 | |||
2180 | |||
2181 | /** | ||
2182 | * Handle iteration stop message from client | ||
2183 | * | ||
2184 | * @param cls the client | ||
2185 | * @param ais_msg the stop message | ||
2186 | */ | ||
2187 | static void | ||
2188 | handle_iteration_stop (void *cls, | ||
2189 | const struct AttributeIterationStopMessage *ais_msg) | ||
2190 | { | ||
2191 | struct IdpClient *idp = cls; | ||
2192 | struct Iterator *ai; | ||
2193 | uint32_t rid; | ||
2194 | |||
2195 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2196 | "Received `%s' message\n", | ||
2197 | "ATTRIBUTE_ITERATION_STOP"); | ||
2198 | rid = ntohl (ais_msg->id); | ||
2199 | for (ai = idp->attr_iter_head; NULL != ai; ai = ai->next) | ||
2200 | if (ai->request_id == rid) | ||
2201 | break; | ||
2202 | if (NULL == ai) | ||
2203 | { | ||
2204 | GNUNET_break (0); | ||
2205 | GNUNET_SERVICE_client_drop (idp->client); | ||
2206 | return; | ||
2207 | } | ||
2208 | GNUNET_CONTAINER_DLL_remove (idp->attr_iter_head, idp->attr_iter_tail, ai); | ||
2209 | GNUNET_free (ai); | ||
2210 | GNUNET_SERVICE_client_continue (idp->client); | ||
2211 | } | ||
2212 | |||
2213 | |||
2214 | /** | ||
2215 | * Client requests next attribute from iterator | ||
2216 | * | ||
2217 | * @param cls the client | ||
2218 | * @param ais_msg the message | ||
2219 | */ | ||
2220 | static void | ||
2221 | handle_iteration_next (void *cls, | ||
2222 | const struct AttributeIterationNextMessage *ais_msg) | ||
2223 | { | ||
2224 | struct IdpClient *idp = cls; | ||
2225 | struct Iterator *ai; | ||
2226 | uint32_t rid; | ||
2227 | |||
2228 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2229 | "Received ATTRIBUTE_ITERATION_NEXT message\n"); | ||
2230 | rid = ntohl (ais_msg->id); | ||
2231 | for (ai = idp->attr_iter_head; NULL != ai; ai = ai->next) | ||
2232 | if (ai->request_id == rid) | ||
2233 | break; | ||
2234 | if (NULL == ai) | ||
2235 | { | ||
2236 | GNUNET_break (0); | ||
2237 | GNUNET_SERVICE_client_drop (idp->client); | ||
2238 | return; | ||
2239 | } | ||
2240 | GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it, 1); | ||
2241 | GNUNET_SERVICE_client_continue (idp->client); | ||
2242 | } | ||
2243 | |||
2244 | |||
2245 | /************************************************* | ||
2246 | * Credential iteration | ||
2247 | *************************************************/ | ||
2248 | |||
2249 | |||
2250 | /** | ||
2251 | * Done iterating over credentials | ||
2252 | * | ||
2253 | * @param cls our iterator handle | ||
2254 | */ | ||
2255 | static void | ||
2256 | cred_iter_finished (void *cls) | ||
2257 | { | ||
2258 | struct Iterator *ai = cls; | ||
2259 | struct GNUNET_MQ_Envelope *env; | ||
2260 | struct CredentialResultMessage *arm; | ||
2261 | |||
2262 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Sending CREDENTIAL_RESULT message\n"); | ||
2263 | env = GNUNET_MQ_msg (arm, GNUNET_MESSAGE_TYPE_RECLAIM_CREDENTIAL_RESULT); | ||
2264 | arm->id = htonl (ai->request_id); | ||
2265 | arm->credential_len = htons (0); | ||
2266 | arm->key_len = htons (0); | ||
2267 | GNUNET_MQ_send (ai->client->mq, env); | ||
2268 | GNUNET_CONTAINER_DLL_remove (ai->client->cred_iter_head, | ||
2269 | ai->client->cred_iter_tail, | ||
2270 | ai); | ||
2271 | GNUNET_free (ai); | ||
2272 | } | ||
2273 | |||
2274 | |||
2275 | /** | ||
2276 | * Error iterating over credentials. Abort. | ||
2277 | * | ||
2278 | * @param cls our attribute iteration handle | ||
2279 | */ | ||
2280 | static void | ||
2281 | cred_iter_error (void *cls) | ||
2282 | { | ||
2283 | struct Iterator *ai = cls; | ||
2284 | |||
2285 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to iterate over credentials\n"); | ||
2286 | cred_iter_finished (ai); | ||
2287 | } | ||
2288 | |||
2289 | |||
2290 | /** | ||
2291 | * Got record. Return credential. | ||
2292 | * | ||
2293 | * @param cls our attribute iterator | ||
2294 | * @param zone zone we are iterating | ||
2295 | * @param label label of the records | ||
2296 | * @param rd_count record count | ||
2297 | * @param rd records | ||
2298 | */ | ||
2299 | static void | ||
2300 | cred_iter_cb (void *cls, | ||
2301 | const struct GNUNET_CRYPTO_PrivateKey *zone, | ||
2302 | const char *label, | ||
2303 | unsigned int rd_count, | ||
2304 | const struct GNUNET_GNSRECORD_Data *rd) | ||
2305 | { | ||
2306 | struct Iterator *ai = cls; | ||
2307 | struct GNUNET_MQ_Envelope *env; | ||
2308 | struct CredentialResultMessage *arm; | ||
2309 | struct GNUNET_CRYPTO_PublicKey identity; | ||
2310 | char *data_tmp; | ||
2311 | size_t key_len; | ||
2312 | ssize_t written; | ||
2313 | |||
2314 | if ((rd_count != 1) || | ||
2315 | (GNUNET_GNSRECORD_TYPE_RECLAIM_CREDENTIAL != rd->record_type)) | ||
2316 | { | ||
2317 | GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it, 1); | ||
2318 | return; | ||
2319 | } | ||
2320 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Found credential under: %s\n", | ||
2321 | label); | ||
2322 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2323 | "Sending CREDENTIAL_RESULT message\n"); | ||
2324 | GNUNET_CRYPTO_key_get_public (zone, &identity); | ||
2325 | key_len = GNUNET_CRYPTO_public_key_get_length (&identity); | ||
2326 | env = GNUNET_MQ_msg_extra (arm, | ||
2327 | rd->data_size + key_len, | ||
2328 | GNUNET_MESSAGE_TYPE_RECLAIM_CREDENTIAL_RESULT); | ||
2329 | arm->id = htonl (ai->request_id); | ||
2330 | arm->credential_len = htons (rd->data_size); | ||
2331 | arm->key_len = htons (key_len); | ||
2332 | data_tmp = (char *) &arm[1]; | ||
2333 | written = GNUNET_CRYPTO_write_public_key_to_buffer (&identity, | ||
2334 | data_tmp, | ||
2335 | key_len); | ||
2336 | GNUNET_assert (written >= 0); | ||
2337 | data_tmp += written; | ||
2338 | GNUNET_memcpy (data_tmp, rd->data, rd->data_size); | ||
2339 | GNUNET_MQ_send (ai->client->mq, env); | ||
2340 | } | ||
2341 | |||
2342 | static enum GNUNET_GenericReturnValue | ||
2343 | check_credential_iteration_start ( | ||
2344 | void *cls, | ||
2345 | const struct CredentialIterationStartMessage *cis_msg) | ||
2346 | { | ||
2347 | uint16_t size; | ||
2348 | size_t key_len; | ||
2349 | |||
2350 | size = ntohs (cis_msg->header.size); | ||
2351 | key_len = ntohs (cis_msg->key_len); | ||
2352 | |||
2353 | if (size < key_len + sizeof(*cis_msg)) | ||
2354 | { | ||
2355 | GNUNET_break (0); | ||
2356 | return GNUNET_SYSERR; | ||
2357 | } | ||
2358 | return GNUNET_OK; | ||
2359 | } | ||
2360 | |||
2361 | |||
2362 | /** | ||
2363 | * Iterate over zone to get attributes | ||
2364 | * | ||
2365 | * @param cls our client | ||
2366 | * @param ais_msg the iteration message to start | ||
2367 | */ | ||
2368 | static void | ||
2369 | handle_credential_iteration_start (void *cls, | ||
2370 | const struct | ||
2371 | CredentialIterationStartMessage *ais_msg) | ||
2372 | { | ||
2373 | struct IdpClient *idp = cls; | ||
2374 | struct Iterator *ai; | ||
2375 | struct GNUNET_CRYPTO_PrivateKey identity; | ||
2376 | size_t key_len; | ||
2377 | size_t read; | ||
2378 | |||
2379 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2380 | "Received CREDENTIAL_ITERATION_START message\n"); | ||
2381 | key_len = ntohs (ais_msg->key_len); | ||
2382 | if ((GNUNET_SYSERR == | ||
2383 | GNUNET_CRYPTO_read_private_key_from_buffer (&ais_msg[1], | ||
2384 | key_len, | ||
2385 | &identity, | ||
2386 | &read)) || | ||
2387 | (read != key_len)) | ||
2388 | { | ||
2389 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
2390 | "Failed to read private key.\n"); | ||
2391 | GNUNET_SERVICE_client_drop (idp->client); | ||
2392 | return; | ||
2393 | } | ||
2394 | ai = GNUNET_new (struct Iterator); | ||
2395 | ai->request_id = ntohl (ais_msg->id); | ||
2396 | ai->client = idp; | ||
2397 | ai->identity = identity; | ||
2398 | |||
2399 | GNUNET_CONTAINER_DLL_insert (idp->cred_iter_head, idp->cred_iter_tail, | ||
2400 | ai); | ||
2401 | ai->ns_it = GNUNET_NAMESTORE_zone_iteration_start (nsh, | ||
2402 | &ai->identity, | ||
2403 | &cred_iter_error, | ||
2404 | ai, | ||
2405 | &cred_iter_cb, | ||
2406 | ai, | ||
2407 | &cred_iter_finished, | ||
2408 | ai); | ||
2409 | GNUNET_SERVICE_client_continue (idp->client); | ||
2410 | } | ||
2411 | |||
2412 | |||
2413 | /** | ||
2414 | * Handle iteration stop message from client | ||
2415 | * | ||
2416 | * @param cls the client | ||
2417 | * @param ais_msg the stop message | ||
2418 | */ | ||
2419 | static void | ||
2420 | handle_credential_iteration_stop (void *cls, | ||
2421 | const struct | ||
2422 | CredentialIterationStopMessage *ais_msg) | ||
2423 | { | ||
2424 | struct IdpClient *idp = cls; | ||
2425 | struct Iterator *ai; | ||
2426 | uint32_t rid; | ||
2427 | |||
2428 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2429 | "Received `%s' message\n", | ||
2430 | "CREDENTIAL_ITERATION_STOP"); | ||
2431 | rid = ntohl (ais_msg->id); | ||
2432 | for (ai = idp->cred_iter_head; NULL != ai; ai = ai->next) | ||
2433 | if (ai->request_id == rid) | ||
2434 | break; | ||
2435 | if (NULL == ai) | ||
2436 | { | ||
2437 | GNUNET_break (0); | ||
2438 | GNUNET_SERVICE_client_drop (idp->client); | ||
2439 | return; | ||
2440 | } | ||
2441 | GNUNET_CONTAINER_DLL_remove (idp->cred_iter_head, idp->cred_iter_tail, | ||
2442 | ai); | ||
2443 | GNUNET_free (ai); | ||
2444 | GNUNET_SERVICE_client_continue (idp->client); | ||
2445 | } | ||
2446 | |||
2447 | |||
2448 | /** | ||
2449 | * Client requests next credential from iterator | ||
2450 | * | ||
2451 | * @param cls the client | ||
2452 | * @param ais_msg the message | ||
2453 | */ | ||
2454 | static void | ||
2455 | handle_credential_iteration_next (void *cls, | ||
2456 | const struct | ||
2457 | CredentialIterationNextMessage *ais_msg) | ||
2458 | { | ||
2459 | struct IdpClient *idp = cls; | ||
2460 | struct Iterator *ai; | ||
2461 | uint32_t rid; | ||
2462 | |||
2463 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2464 | "Received CREDENTIAL_ITERATION_NEXT message\n"); | ||
2465 | rid = ntohl (ais_msg->id); | ||
2466 | for (ai = idp->cred_iter_head; NULL != ai; ai = ai->next) | ||
2467 | if (ai->request_id == rid) | ||
2468 | break; | ||
2469 | if (NULL == ai) | ||
2470 | { | ||
2471 | GNUNET_break (0); | ||
2472 | GNUNET_SERVICE_client_drop (idp->client); | ||
2473 | return; | ||
2474 | } | ||
2475 | GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it, 1); | ||
2476 | GNUNET_SERVICE_client_continue (idp->client); | ||
2477 | } | ||
2478 | |||
2479 | |||
2480 | /****************************************************** | ||
2481 | * Ticket iteration | ||
2482 | ******************************************************/ | ||
2483 | |||
2484 | /** | ||
2485 | * Got a ticket. Return to client | ||
2486 | * | ||
2487 | * @param cls our ticket iterator | ||
2488 | * @param ticket the ticket | ||
2489 | */ | ||
2490 | static void | ||
2491 | ticket_iter_cb (void *cls, struct GNUNET_RECLAIM_Ticket *ticket) | ||
2492 | { | ||
2493 | struct TicketIteration *ti = cls; | ||
2494 | struct GNUNET_MQ_Envelope *env; | ||
2495 | struct TicketResultMessage *trm; | ||
2496 | size_t tkt_len; | ||
2497 | |||
2498 | if (NULL == ticket) | ||
2499 | tkt_len = 0; | ||
2500 | else | ||
2501 | tkt_len = GNUNET_RECLAIM_ticket_serialize_get_size (ticket); | ||
2502 | |||
2503 | env = GNUNET_MQ_msg_extra (trm, | ||
2504 | tkt_len, | ||
2505 | GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_RESULT); | ||
2506 | if (NULL == ticket) | ||
2507 | { | ||
2508 | /* send empty response to indicate end of list */ | ||
2509 | GNUNET_CONTAINER_DLL_remove (ti->client->ticket_iter_head, | ||
2510 | ti->client->ticket_iter_tail, | ||
2511 | ti); | ||
2512 | } | ||
2513 | else | ||
2514 | { | ||
2515 | GNUNET_RECLAIM_write_ticket_to_buffer (ticket, | ||
2516 | &trm[1], | ||
2517 | tkt_len); | ||
2518 | } | ||
2519 | trm->tkt_len = htons (tkt_len); | ||
2520 | trm->id = htonl (ti->r_id); | ||
2521 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Sending TICKET_RESULT message\n"); | ||
2522 | GNUNET_MQ_send (ti->client->mq, env); | ||
2523 | if (NULL == ticket) | ||
2524 | GNUNET_free (ti); | ||
2525 | } | ||
2526 | |||
2527 | static enum GNUNET_GenericReturnValue | ||
2528 | check_ticket_iteration_start ( | ||
2529 | void *cls, | ||
2530 | const struct TicketIterationStartMessage *tis_msg) | ||
2531 | { | ||
2532 | uint16_t size; | ||
2533 | size_t key_len; | ||
2534 | |||
2535 | size = ntohs (tis_msg->header.size); | ||
2536 | key_len = ntohs (tis_msg->key_len); | ||
2537 | |||
2538 | if (size < key_len + sizeof(*tis_msg)) | ||
2539 | { | ||
2540 | GNUNET_break (0); | ||
2541 | return GNUNET_SYSERR; | ||
2542 | } | ||
2543 | return GNUNET_OK; | ||
2544 | } | ||
2545 | |||
2546 | /** | ||
2547 | * Client requests a ticket iteration | ||
2548 | * | ||
2549 | * @param cls the client | ||
2550 | * @param tis_msg the iteration request message | ||
2551 | */ | ||
2552 | static void | ||
2553 | handle_ticket_iteration_start ( | ||
2554 | void *cls, | ||
2555 | const struct TicketIterationStartMessage *tis_msg) | ||
2556 | { | ||
2557 | struct GNUNET_CRYPTO_PrivateKey identity; | ||
2558 | struct IdpClient *client = cls; | ||
2559 | struct TicketIteration *ti; | ||
2560 | size_t key_len; | ||
2561 | size_t read; | ||
2562 | |||
2563 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2564 | "Received TICKET_ITERATION_START message\n"); | ||
2565 | key_len = ntohs (tis_msg->key_len); | ||
2566 | if ((GNUNET_SYSERR == | ||
2567 | GNUNET_CRYPTO_read_private_key_from_buffer (&tis_msg[1], | ||
2568 | key_len, | ||
2569 | &identity, | ||
2570 | &read)) || | ||
2571 | (read != key_len)) | ||
2572 | { | ||
2573 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
2574 | "Failed to read private key\n"); | ||
2575 | GNUNET_SERVICE_client_drop (client->client); | ||
2576 | return; | ||
2577 | } | ||
2578 | ti = GNUNET_new (struct TicketIteration); | ||
2579 | ti->r_id = ntohl (tis_msg->id); | ||
2580 | ti->client = client; | ||
2581 | GNUNET_CONTAINER_DLL_insert (client->ticket_iter_head, | ||
2582 | client->ticket_iter_tail, | ||
2583 | ti); | ||
2584 | ti->iter | ||
2585 | = RECLAIM_TICKETS_iteration_start (&identity, &ticket_iter_cb, ti); | ||
2586 | GNUNET_SERVICE_client_continue (client->client); | ||
2587 | } | ||
2588 | |||
2589 | |||
2590 | /** | ||
2591 | * Client has had enough tickets | ||
2592 | * | ||
2593 | * @param cls the client | ||
2594 | * @param tis_msg the stop message | ||
2595 | */ | ||
2596 | static void | ||
2597 | handle_ticket_iteration_stop (void *cls, | ||
2598 | const struct TicketIterationStopMessage *tis_msg) | ||
2599 | { | ||
2600 | struct IdpClient *client = cls; | ||
2601 | struct TicketIteration *ti; | ||
2602 | uint32_t rid; | ||
2603 | |||
2604 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2605 | "Received `%s' message\n", | ||
2606 | "TICKET_ITERATION_STOP"); | ||
2607 | rid = ntohl (tis_msg->id); | ||
2608 | for (ti = client->ticket_iter_head; NULL != ti; ti = ti->next) | ||
2609 | if (ti->r_id == rid) | ||
2610 | break; | ||
2611 | if (NULL == ti) | ||
2612 | { | ||
2613 | GNUNET_break (0); | ||
2614 | GNUNET_SERVICE_client_drop (client->client); | ||
2615 | return; | ||
2616 | } | ||
2617 | RECLAIM_TICKETS_iteration_stop (ti->iter); | ||
2618 | GNUNET_CONTAINER_DLL_remove (client->ticket_iter_head, | ||
2619 | client->ticket_iter_tail, | ||
2620 | ti); | ||
2621 | GNUNET_free (ti); | ||
2622 | GNUNET_SERVICE_client_continue (client->client); | ||
2623 | } | ||
2624 | |||
2625 | |||
2626 | /** | ||
2627 | * Client requests next result. | ||
2628 | * | ||
2629 | * @param cls the client | ||
2630 | * @param tis_msg the message | ||
2631 | */ | ||
2632 | static void | ||
2633 | handle_ticket_iteration_next (void *cls, | ||
2634 | const struct TicketIterationNextMessage *tis_msg) | ||
2635 | { | ||
2636 | struct IdpClient *client = cls; | ||
2637 | struct TicketIteration *ti; | ||
2638 | uint32_t rid; | ||
2639 | |||
2640 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2641 | "Received TICKET_ITERATION_NEXT message\n"); | ||
2642 | rid = ntohl (tis_msg->id); | ||
2643 | for (ti = client->ticket_iter_head; NULL != ti; ti = ti->next) | ||
2644 | if (ti->r_id == rid) | ||
2645 | break; | ||
2646 | if (NULL == ti) | ||
2647 | { | ||
2648 | GNUNET_break (0); | ||
2649 | GNUNET_SERVICE_client_drop (client->client); | ||
2650 | return; | ||
2651 | } | ||
2652 | RECLAIM_TICKETS_iteration_next (ti->iter); | ||
2653 | GNUNET_SERVICE_client_continue (client->client); | ||
2654 | } | ||
2655 | |||
2656 | |||
2657 | /** | ||
2658 | * Main function that will be run | ||
2659 | * | ||
2660 | * @param cls closure | ||
2661 | * @param c the configuration used | ||
2662 | * @param server the service handle | ||
2663 | */ | ||
2664 | static void | ||
2665 | run (void *cls, | ||
2666 | const struct GNUNET_CONFIGURATION_Handle *c, | ||
2667 | struct GNUNET_SERVICE_Handle *server) | ||
2668 | { | ||
2669 | cfg = c; | ||
2670 | |||
2671 | if (GNUNET_OK != RECLAIM_TICKETS_init (cfg)) | ||
2672 | { | ||
2673 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
2674 | "Unable to initialize TICKETS subsystem.\n"); | ||
2675 | GNUNET_SCHEDULER_shutdown (); | ||
2676 | return; | ||
2677 | } | ||
2678 | // Connect to identity and namestore services | ||
2679 | nsh = GNUNET_NAMESTORE_connect (cfg); | ||
2680 | if (NULL == nsh) | ||
2681 | { | ||
2682 | GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, | ||
2683 | "error connecting to namestore"); | ||
2684 | } | ||
2685 | |||
2686 | GNUNET_SCHEDULER_add_shutdown (&do_shutdown, NULL); | ||
2687 | } | ||
2688 | |||
2689 | |||
2690 | /** | ||
2691 | * Called whenever a client is disconnected. | ||
2692 | * | ||
2693 | * @param cls closure | ||
2694 | * @param client identification of the client | ||
2695 | * @param app_ctx @a client | ||
2696 | */ | ||
2697 | static void | ||
2698 | client_disconnect_cb (void *cls, | ||
2699 | struct GNUNET_SERVICE_Client *client, | ||
2700 | void *app_ctx) | ||
2701 | { | ||
2702 | struct IdpClient *idp = app_ctx; | ||
2703 | |||
2704 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Client %p disconnected\n", client); | ||
2705 | GNUNET_CONTAINER_DLL_remove (client_list_head, | ||
2706 | client_list_tail, | ||
2707 | idp); | ||
2708 | cleanup_client (idp); | ||
2709 | } | ||
2710 | |||
2711 | |||
2712 | /** | ||
2713 | * Add a client to our list of active clients. | ||
2714 | * | ||
2715 | * @param cls NULL | ||
2716 | * @param client client to add | ||
2717 | * @param mq message queue for @a client | ||
2718 | * @return internal namestore client structure for this client | ||
2719 | */ | ||
2720 | static void * | ||
2721 | client_connect_cb (void *cls, | ||
2722 | struct GNUNET_SERVICE_Client *client, | ||
2723 | struct GNUNET_MQ_Handle *mq) | ||
2724 | { | ||
2725 | struct IdpClient *idp; | ||
2726 | |||
2727 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Client %p connected\n", client); | ||
2728 | idp = GNUNET_new (struct IdpClient); | ||
2729 | idp->client = client; | ||
2730 | idp->mq = mq; | ||
2731 | GNUNET_CONTAINER_DLL_insert (client_list_head, | ||
2732 | client_list_tail, | ||
2733 | idp); | ||
2734 | return idp; | ||
2735 | } | ||
2736 | |||
2737 | |||
2738 | /** | ||
2739 | * Define "main" method using service macro. | ||
2740 | */ | ||
2741 | GNUNET_SERVICE_MAIN ( | ||
2742 | "reclaim", | ||
2743 | GNUNET_SERVICE_OPTION_NONE, | ||
2744 | &run, | ||
2745 | &client_connect_cb, | ||
2746 | &client_disconnect_cb, | ||
2747 | NULL, | ||
2748 | GNUNET_MQ_hd_var_size (attribute_store_message, | ||
2749 | GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_STORE, | ||
2750 | struct AttributeStoreMessage, | ||
2751 | NULL), | ||
2752 | GNUNET_MQ_hd_var_size (credential_store_message, | ||
2753 | GNUNET_MESSAGE_TYPE_RECLAIM_CREDENTIAL_STORE, | ||
2754 | struct AttributeStoreMessage, | ||
2755 | NULL), | ||
2756 | GNUNET_MQ_hd_var_size (attribute_delete_message, | ||
2757 | GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_DELETE, | ||
2758 | struct AttributeDeleteMessage, | ||
2759 | NULL), | ||
2760 | GNUNET_MQ_hd_var_size (credential_delete_message, | ||
2761 | GNUNET_MESSAGE_TYPE_RECLAIM_CREDENTIAL_DELETE, | ||
2762 | struct AttributeDeleteMessage, | ||
2763 | NULL), | ||
2764 | GNUNET_MQ_hd_var_size (iteration_start, | ||
2765 | GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_START, | ||
2766 | struct AttributeIterationStartMessage, | ||
2767 | NULL), | ||
2768 | GNUNET_MQ_hd_fixed_size (iteration_next, | ||
2769 | GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_NEXT, | ||
2770 | struct AttributeIterationNextMessage, | ||
2771 | NULL), | ||
2772 | GNUNET_MQ_hd_fixed_size (iteration_stop, | ||
2773 | GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_STOP, | ||
2774 | struct AttributeIterationStopMessage, | ||
2775 | NULL), | ||
2776 | GNUNET_MQ_hd_var_size (credential_iteration_start, | ||
2777 | GNUNET_MESSAGE_TYPE_RECLAIM_CREDENTIAL_ITERATION_START, | ||
2778 | struct CredentialIterationStartMessage, | ||
2779 | NULL), | ||
2780 | GNUNET_MQ_hd_fixed_size (credential_iteration_next, | ||
2781 | GNUNET_MESSAGE_TYPE_RECLAIM_CREDENTIAL_ITERATION_NEXT, | ||
2782 | struct CredentialIterationNextMessage, | ||
2783 | NULL), | ||
2784 | GNUNET_MQ_hd_fixed_size (credential_iteration_stop, | ||
2785 | GNUNET_MESSAGE_TYPE_RECLAIM_CREDENTIAL_ITERATION_STOP, | ||
2786 | struct CredentialIterationStopMessage, | ||
2787 | NULL), | ||
2788 | |||
2789 | GNUNET_MQ_hd_var_size (issue_ticket_message, | ||
2790 | GNUNET_MESSAGE_TYPE_RECLAIM_ISSUE_TICKET, | ||
2791 | struct IssueTicketMessage, | ||
2792 | NULL), | ||
2793 | GNUNET_MQ_hd_var_size (consume_ticket_message, | ||
2794 | GNUNET_MESSAGE_TYPE_RECLAIM_CONSUME_TICKET, | ||
2795 | struct ConsumeTicketMessage, | ||
2796 | NULL), | ||
2797 | GNUNET_MQ_hd_var_size (ticket_iteration_start, | ||
2798 | GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_START, | ||
2799 | struct TicketIterationStartMessage, | ||
2800 | NULL), | ||
2801 | GNUNET_MQ_hd_fixed_size (ticket_iteration_next, | ||
2802 | GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_NEXT, | ||
2803 | struct TicketIterationNextMessage, | ||
2804 | NULL), | ||
2805 | GNUNET_MQ_hd_fixed_size (ticket_iteration_stop, | ||
2806 | GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_STOP, | ||
2807 | struct TicketIterationStopMessage, | ||
2808 | NULL), | ||
2809 | GNUNET_MQ_hd_var_size (revoke_ticket_message, | ||
2810 | GNUNET_MESSAGE_TYPE_RECLAIM_REVOKE_TICKET, | ||
2811 | struct RevokeTicketMessage, | ||
2812 | NULL), | ||
2813 | GNUNET_MQ_handler_end ()); | ||
2814 | /* end of gnunet-service-reclaim.c */ | ||
diff --git a/src/reclaim/gnunet-service-reclaim_tickets.c b/src/reclaim/gnunet-service-reclaim_tickets.c deleted file mode 100644 index 689fbc429..000000000 --- a/src/reclaim/gnunet-service-reclaim_tickets.c +++ /dev/null | |||
@@ -1,1894 +0,0 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet. | ||
3 | Copyright (C) 2012-2015 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software: you can redistribute it and/or modify it | ||
6 | under the terms of the GNU Affero General Public License as published | ||
7 | by the Free Software Foundation, either version 3 of the License, | ||
8 | or (at your option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | Affero General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU Affero General Public License | ||
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
17 | |||
18 | SPDX-License-Identifier: AGPL3.0-or-later | ||
19 | */ | ||
20 | |||
21 | /** | ||
22 | * @author Martin Schanzenbach | ||
23 | * @file src/reclaim/gnunet-service-reclaim_tickets.c | ||
24 | * @brief reclaim tickets | ||
25 | * | ||
26 | */ | ||
27 | #include "platform.h" | ||
28 | #include <inttypes.h> | ||
29 | #include "gnunet-service-reclaim_tickets.h" | ||
30 | |||
31 | |||
32 | /** | ||
33 | * FIXME: the default ticket iteration interval should probably | ||
34 | * be the minimim attribute expiration. | ||
35 | */ | ||
36 | #define DEFAULT_TICKET_REFRESH_INTERVAL GNUNET_TIME_UNIT_HOURS | ||
37 | |||
38 | /** | ||
39 | * Handle for a parallel GNS lookup job | ||
40 | * (Declaration further below) | ||
41 | */ | ||
42 | struct ParallelLookup; | ||
43 | |||
44 | |||
45 | /** | ||
46 | * A reference to a ticket stored in GNS | ||
47 | */ | ||
48 | struct TicketReference | ||
49 | { | ||
50 | /** | ||
51 | * DLL | ||
52 | */ | ||
53 | struct TicketReference *next; | ||
54 | |||
55 | /** | ||
56 | * DLL | ||
57 | */ | ||
58 | struct TicketReference *prev; | ||
59 | |||
60 | /** | ||
61 | * Attributes | ||
62 | */ | ||
63 | struct GNUNET_RECLAIM_AttributeList *attrs; | ||
64 | |||
65 | /** | ||
66 | * Tickets | ||
67 | */ | ||
68 | struct GNUNET_RECLAIM_Ticket ticket; | ||
69 | }; | ||
70 | |||
71 | |||
72 | /** | ||
73 | * Handle to a consume operation | ||
74 | */ | ||
75 | struct RECLAIM_TICKETS_ConsumeHandle | ||
76 | { | ||
77 | /** | ||
78 | * Ticket | ||
79 | */ | ||
80 | struct GNUNET_RECLAIM_Ticket ticket; | ||
81 | |||
82 | /** | ||
83 | * LookupRequest | ||
84 | */ | ||
85 | struct GNUNET_GNS_LookupRequest *lookup_request; | ||
86 | |||
87 | /** | ||
88 | * Audience Key | ||
89 | */ | ||
90 | struct GNUNET_CRYPTO_PrivateKey identity; | ||
91 | |||
92 | /** | ||
93 | * Audience Key | ||
94 | */ | ||
95 | struct GNUNET_CRYPTO_PublicKey identity_pub; | ||
96 | |||
97 | /** | ||
98 | * Lookup DLL | ||
99 | */ | ||
100 | struct ParallelLookup *parallel_lookups_head; | ||
101 | |||
102 | /** | ||
103 | * Lookup DLL | ||
104 | */ | ||
105 | struct ParallelLookup *parallel_lookups_tail; | ||
106 | |||
107 | /** | ||
108 | * Kill task | ||
109 | */ | ||
110 | struct GNUNET_SCHEDULER_Task *kill_task; | ||
111 | |||
112 | /** | ||
113 | * Attributes | ||
114 | */ | ||
115 | struct GNUNET_RECLAIM_AttributeList *attrs; | ||
116 | |||
117 | /** | ||
118 | * Presentations | ||
119 | */ | ||
120 | struct GNUNET_RECLAIM_PresentationList *presentations; | ||
121 | |||
122 | /** | ||
123 | * Lookup time | ||
124 | */ | ||
125 | struct GNUNET_TIME_Absolute lookup_start_time; | ||
126 | |||
127 | /** | ||
128 | * Callback | ||
129 | */ | ||
130 | RECLAIM_TICKETS_ConsumeCallback cb; | ||
131 | |||
132 | /** | ||
133 | * Callback closure | ||
134 | */ | ||
135 | void *cb_cls; | ||
136 | }; | ||
137 | |||
138 | |||
139 | /** | ||
140 | * Handle for a parallel GNS lookup job | ||
141 | */ | ||
142 | struct ParallelLookup | ||
143 | { | ||
144 | /* DLL */ | ||
145 | struct ParallelLookup *next; | ||
146 | |||
147 | /* DLL */ | ||
148 | struct ParallelLookup *prev; | ||
149 | |||
150 | /* The GNS request */ | ||
151 | struct GNUNET_GNS_LookupRequest *lookup_request; | ||
152 | |||
153 | /* The handle the return to */ | ||
154 | struct RECLAIM_TICKETS_ConsumeHandle *handle; | ||
155 | |||
156 | /** | ||
157 | * Lookup time | ||
158 | */ | ||
159 | struct GNUNET_TIME_Absolute lookup_start_time; | ||
160 | |||
161 | /* The label to look up */ | ||
162 | char *label; | ||
163 | }; | ||
164 | |||
165 | |||
166 | /** | ||
167 | * Ticket issue request handle | ||
168 | */ | ||
169 | struct TicketIssueHandle | ||
170 | { | ||
171 | /** | ||
172 | * Attributes to issue | ||
173 | */ | ||
174 | struct GNUNET_RECLAIM_AttributeList *attrs; | ||
175 | |||
176 | /** | ||
177 | * Presentations to add | ||
178 | */ | ||
179 | struct GNUNET_RECLAIM_PresentationList *presentations; | ||
180 | |||
181 | /** | ||
182 | * Issuer Key | ||
183 | */ | ||
184 | struct GNUNET_CRYPTO_PrivateKey identity; | ||
185 | |||
186 | /** | ||
187 | * Ticket to issue | ||
188 | */ | ||
189 | struct GNUNET_RECLAIM_Ticket ticket; | ||
190 | |||
191 | /** | ||
192 | * QueueEntry | ||
193 | */ | ||
194 | struct GNUNET_NAMESTORE_QueueEntry *ns_qe; | ||
195 | |||
196 | /** | ||
197 | * Namestore Iterator | ||
198 | */ | ||
199 | struct GNUNET_NAMESTORE_ZoneIterator *ns_it; | ||
200 | |||
201 | /** | ||
202 | * Callback | ||
203 | */ | ||
204 | RECLAIM_TICKETS_TicketResult cb; | ||
205 | |||
206 | /** | ||
207 | * Callback cls | ||
208 | */ | ||
209 | void *cb_cls; | ||
210 | }; | ||
211 | |||
212 | |||
213 | /** | ||
214 | * Ticket iterator | ||
215 | */ | ||
216 | struct RECLAIM_TICKETS_Iterator | ||
217 | { | ||
218 | /** | ||
219 | * Namestore queue entry | ||
220 | */ | ||
221 | struct GNUNET_NAMESTORE_ZoneIterator *ns_it; | ||
222 | |||
223 | /** | ||
224 | * Iter callback | ||
225 | */ | ||
226 | RECLAIM_TICKETS_TicketIter cb; | ||
227 | |||
228 | /** | ||
229 | * Iter cls | ||
230 | */ | ||
231 | void *cb_cls; | ||
232 | }; | ||
233 | |||
234 | |||
235 | struct RevokedAttributeEntry | ||
236 | { | ||
237 | /** | ||
238 | * DLL | ||
239 | */ | ||
240 | struct RevokedAttributeEntry *next; | ||
241 | |||
242 | /** | ||
243 | * DLL | ||
244 | */ | ||
245 | struct RevokedAttributeEntry *prev; | ||
246 | |||
247 | /** | ||
248 | * Old ID of the attribute | ||
249 | */ | ||
250 | struct GNUNET_RECLAIM_Identifier old_id; | ||
251 | |||
252 | /** | ||
253 | * New ID of the attribute | ||
254 | */ | ||
255 | struct GNUNET_RECLAIM_Identifier new_id; | ||
256 | }; | ||
257 | |||
258 | |||
259 | /** | ||
260 | * Ticket revocation request handle | ||
261 | */ | ||
262 | struct RECLAIM_TICKETS_RevokeHandle | ||
263 | { | ||
264 | /** | ||
265 | * Issuer Key | ||
266 | */ | ||
267 | struct GNUNET_CRYPTO_PrivateKey identity; | ||
268 | |||
269 | /** | ||
270 | * Callback | ||
271 | */ | ||
272 | RECLAIM_TICKETS_RevokeCallback cb; | ||
273 | |||
274 | /** | ||
275 | * Callback cls | ||
276 | */ | ||
277 | void *cb_cls; | ||
278 | |||
279 | /** | ||
280 | * Ticket to issue | ||
281 | */ | ||
282 | struct GNUNET_RECLAIM_Ticket ticket; | ||
283 | |||
284 | /** | ||
285 | * QueueEntry | ||
286 | */ | ||
287 | struct GNUNET_NAMESTORE_QueueEntry *ns_qe; | ||
288 | |||
289 | /** | ||
290 | * Namestore iterator | ||
291 | */ | ||
292 | struct GNUNET_NAMESTORE_ZoneIterator *ns_it; | ||
293 | |||
294 | /** | ||
295 | * Revoked attributes | ||
296 | */ | ||
297 | struct RevokedAttributeEntry *attrs_head; | ||
298 | |||
299 | /** | ||
300 | * Revoked attributes | ||
301 | */ | ||
302 | struct RevokedAttributeEntry *attrs_tail; | ||
303 | |||
304 | /** | ||
305 | * Current attribute to move | ||
306 | */ | ||
307 | struct RevokedAttributeEntry *move_attr; | ||
308 | |||
309 | /** | ||
310 | * Number of attributes in ticket | ||
311 | */ | ||
312 | unsigned int ticket_attrs; | ||
313 | |||
314 | /** | ||
315 | * Tickets to update | ||
316 | */ | ||
317 | struct TicketRecordsEntry *tickets_to_update_head; | ||
318 | |||
319 | /** | ||
320 | * Tickets to update | ||
321 | */ | ||
322 | struct TicketRecordsEntry *tickets_to_update_tail; | ||
323 | }; | ||
324 | |||
325 | |||
326 | /** | ||
327 | * Ticket expiration interval | ||
328 | */ | ||
329 | static struct GNUNET_TIME_Relative ticket_refresh_interval; | ||
330 | |||
331 | |||
332 | /* Namestore handle */ | ||
333 | static struct GNUNET_NAMESTORE_Handle *nsh; | ||
334 | |||
335 | |||
336 | /* GNS handle */ | ||
337 | static struct GNUNET_GNS_Handle *gns; | ||
338 | |||
339 | |||
340 | /* Handle to the statistics service */ | ||
341 | static struct GNUNET_STATISTICS_Handle *stats; | ||
342 | |||
343 | |||
344 | /** | ||
345 | * Cleanup revoke handle | ||
346 | * | ||
347 | * @param rh the ticket revocation handle | ||
348 | */ | ||
349 | static void | ||
350 | cleanup_rvk (struct RECLAIM_TICKETS_RevokeHandle *rh) | ||
351 | { | ||
352 | struct RevokedAttributeEntry *ae; | ||
353 | struct TicketRecordsEntry *le; | ||
354 | |||
355 | if (NULL != rh->ns_qe) | ||
356 | GNUNET_NAMESTORE_cancel (rh->ns_qe); | ||
357 | if (NULL != rh->ns_it) | ||
358 | GNUNET_NAMESTORE_zone_iteration_stop (rh->ns_it); | ||
359 | while (NULL != (ae = rh->attrs_head)) | ||
360 | { | ||
361 | GNUNET_CONTAINER_DLL_remove (rh->attrs_head, rh->attrs_tail, ae); | ||
362 | GNUNET_free (ae); | ||
363 | } | ||
364 | while (NULL != (le = rh->tickets_to_update_head)) | ||
365 | { | ||
366 | GNUNET_CONTAINER_DLL_remove (rh->tickets_to_update_head, | ||
367 | rh->tickets_to_update_head, | ||
368 | le); | ||
369 | if (NULL != le->data) | ||
370 | GNUNET_free (le->data); | ||
371 | if (NULL != le->label) | ||
372 | GNUNET_free (le->label); | ||
373 | GNUNET_free (le); | ||
374 | } | ||
375 | GNUNET_free (rh); | ||
376 | } | ||
377 | |||
378 | |||
379 | /** | ||
380 | * For each ticket, store new, updated attribute references | ||
381 | * (Implementation further below) | ||
382 | * | ||
383 | * @param cls handle to the operation | ||
384 | */ | ||
385 | static void | ||
386 | process_tickets (void *cls); | ||
387 | |||
388 | |||
389 | /** | ||
390 | * Finished storing updated attribute references. | ||
391 | * Abort on error, else continue processing tickets | ||
392 | * | ||
393 | * @param cls handle to the operation | ||
394 | * @param success result of namestore operation | ||
395 | * @param emsg (NULL on success) | ||
396 | */ | ||
397 | static void | ||
398 | ticket_processed (void *cls, enum GNUNET_ErrorCode ec) | ||
399 | { | ||
400 | struct RECLAIM_TICKETS_RevokeHandle *rvk = cls; | ||
401 | |||
402 | rvk->ns_qe = NULL; | ||
403 | GNUNET_SCHEDULER_add_now (&process_tickets, rvk); | ||
404 | } | ||
405 | |||
406 | |||
407 | /** | ||
408 | * For each ticket, store new, updated attribute references | ||
409 | * | ||
410 | * @param cls handle to the operation | ||
411 | */ | ||
412 | static void | ||
413 | process_tickets (void *cls) | ||
414 | { | ||
415 | struct RECLAIM_TICKETS_RevokeHandle *rvk = cls; | ||
416 | struct TicketRecordsEntry *le; | ||
417 | struct RevokedAttributeEntry *ae; | ||
418 | |||
419 | if (NULL == rvk->tickets_to_update_head) | ||
420 | { | ||
421 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
422 | "Finished updatding tickets, success\n"); | ||
423 | rvk->cb (rvk->cb_cls, GNUNET_OK); | ||
424 | cleanup_rvk (rvk); | ||
425 | return; | ||
426 | } | ||
427 | le = rvk->tickets_to_update_head; | ||
428 | GNUNET_CONTAINER_DLL_remove (rvk->tickets_to_update_head, | ||
429 | rvk->tickets_to_update_tail, | ||
430 | le); | ||
431 | struct GNUNET_GNSRECORD_Data rd[le->rd_count]; | ||
432 | if (GNUNET_OK != GNUNET_GNSRECORD_records_deserialize (le->data_size, | ||
433 | le->data, | ||
434 | le->rd_count, | ||
435 | rd)) | ||
436 | { | ||
437 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
438 | "Unable to deserialize ticket record(s)\n"); | ||
439 | rvk->cb (rvk->cb_cls, GNUNET_SYSERR); | ||
440 | cleanup_rvk (rvk); | ||
441 | return; | ||
442 | } | ||
443 | for (int i = 0; i < le->rd_count; i++) | ||
444 | { | ||
445 | if (GNUNET_GNSRECORD_TYPE_RECLAIM_ATTRIBUTE_REF != rd[i].record_type) | ||
446 | continue; | ||
447 | for (ae = rvk->attrs_head; NULL != ae; ae = ae->next) | ||
448 | { | ||
449 | if (0 != memcmp (rd[i].data, &ae->old_id, sizeof(ae->old_id))) | ||
450 | continue; | ||
451 | rd[i].data = &ae->new_id; | ||
452 | } | ||
453 | } | ||
454 | rvk->ns_qe = GNUNET_NAMESTORE_records_store (nsh, | ||
455 | &rvk->identity, | ||
456 | le->label, | ||
457 | le->rd_count, | ||
458 | rd, | ||
459 | &ticket_processed, | ||
460 | rvk); | ||
461 | GNUNET_free (le->label); | ||
462 | GNUNET_free (le->data); | ||
463 | GNUNET_free (le); | ||
464 | } | ||
465 | |||
466 | |||
467 | /** | ||
468 | * Done collecting tickets. Start processing. | ||
469 | * | ||
470 | * @param cls handle to the operation | ||
471 | */ | ||
472 | static void | ||
473 | rvk_ticket_update_finished (void *cls) | ||
474 | { | ||
475 | struct RECLAIM_TICKETS_RevokeHandle *rvk = cls; | ||
476 | |||
477 | rvk->ns_it = NULL; | ||
478 | GNUNET_SCHEDULER_add_now (&process_tickets, rvk); | ||
479 | } | ||
480 | |||
481 | |||
482 | /** | ||
483 | * We need to update all other tickets with the new attribute IDs. | ||
484 | * We first collect them all. Processing after. | ||
485 | * | ||
486 | * @param cls handle to the operation | ||
487 | * @param zone ticket issuer private key | ||
488 | * @param label ticket rnd | ||
489 | * @param rd_count size of record set | ||
490 | * @param rd record set | ||
491 | */ | ||
492 | static void | ||
493 | rvk_ticket_update (void *cls, | ||
494 | const struct GNUNET_CRYPTO_PrivateKey *zone, | ||
495 | const char *label, | ||
496 | unsigned int rd_count, | ||
497 | const struct GNUNET_GNSRECORD_Data *rd) | ||
498 | { | ||
499 | struct RECLAIM_TICKETS_RevokeHandle *rvk = cls; | ||
500 | struct TicketRecordsEntry *le; | ||
501 | struct RevokedAttributeEntry *ae; | ||
502 | int has_changed = GNUNET_NO; | ||
503 | |||
504 | /** Let everything point to the old record **/ | ||
505 | for (int i = 0; i < rd_count; i++) | ||
506 | { | ||
507 | if (GNUNET_GNSRECORD_TYPE_RECLAIM_ATTRIBUTE_REF != rd[i].record_type) | ||
508 | continue; | ||
509 | for (ae = rvk->attrs_head; NULL != ae; ae = ae->next) | ||
510 | { | ||
511 | if (0 != memcmp (rd[i].data, &ae->old_id, sizeof(ae->old_id))) | ||
512 | continue; | ||
513 | has_changed = GNUNET_YES; | ||
514 | break; | ||
515 | } | ||
516 | if (GNUNET_YES == has_changed) | ||
517 | break; | ||
518 | } | ||
519 | if (GNUNET_YES == has_changed) | ||
520 | { | ||
521 | le = GNUNET_new (struct TicketRecordsEntry); | ||
522 | le->data_size = GNUNET_GNSRECORD_records_get_size (rd_count, rd); | ||
523 | le->data = GNUNET_malloc (le->data_size); | ||
524 | le->rd_count = rd_count; | ||
525 | le->label = GNUNET_strdup (label); | ||
526 | GNUNET_GNSRECORD_records_serialize (rd_count, rd, le->data_size, le->data); | ||
527 | GNUNET_CONTAINER_DLL_insert (rvk->tickets_to_update_head, | ||
528 | rvk->tickets_to_update_tail, | ||
529 | le); | ||
530 | } | ||
531 | GNUNET_NAMESTORE_zone_iterator_next (rvk->ns_it, 1); | ||
532 | } | ||
533 | |||
534 | |||
535 | /** | ||
536 | * Error iterating namestore. Abort. | ||
537 | * | ||
538 | * @param cls handle to the operation | ||
539 | */ | ||
540 | static void | ||
541 | rvk_ns_iter_err (void *cls) | ||
542 | { | ||
543 | struct RECLAIM_TICKETS_RevokeHandle *rvk = cls; | ||
544 | |||
545 | rvk->ns_it = NULL; | ||
546 | rvk->cb (rvk->cb_cls, GNUNET_SYSERR); | ||
547 | cleanup_rvk (rvk); | ||
548 | } | ||
549 | |||
550 | |||
551 | /** | ||
552 | * Error storing new attribute in namestore. Abort | ||
553 | * | ||
554 | * @param cls handle to the operation | ||
555 | */ | ||
556 | static void | ||
557 | rvk_ns_err (void *cls) | ||
558 | { | ||
559 | struct RECLAIM_TICKETS_RevokeHandle *rvk = cls; | ||
560 | |||
561 | rvk->ns_qe = NULL; | ||
562 | rvk->cb (rvk->cb_cls, GNUNET_SYSERR); | ||
563 | cleanup_rvk (rvk); | ||
564 | } | ||
565 | |||
566 | |||
567 | /** | ||
568 | * We change every attribute ID of the ticket attributes we | ||
569 | * want to revoke. | ||
570 | * When we are done, we need to update any other ticket which | ||
571 | * included references to any of the changed attributes. | ||
572 | * | ||
573 | * @param rh handle to the operation | ||
574 | */ | ||
575 | static void | ||
576 | move_attrs (struct RECLAIM_TICKETS_RevokeHandle *rh); | ||
577 | |||
578 | |||
579 | /** | ||
580 | * Delayed continuation for move_attrs | ||
581 | * | ||
582 | * @param cls handle to the operation. | ||
583 | */ | ||
584 | static void | ||
585 | move_attrs_cont (void *cls) | ||
586 | { | ||
587 | move_attrs ((struct RECLAIM_TICKETS_RevokeHandle *) cls); | ||
588 | } | ||
589 | |||
590 | |||
591 | /** | ||
592 | * Done deleting the old record. Abort on error. | ||
593 | * Else, continue updating attribute IDs. | ||
594 | * | ||
595 | * @param cls handle to the operation | ||
596 | * @param success result of the namestore operation | ||
597 | * @param emsg error message (NULL on success) | ||
598 | */ | ||
599 | static void | ||
600 | del_attr_finished (void *cls, enum GNUNET_ErrorCode ec) | ||
601 | { | ||
602 | struct RECLAIM_TICKETS_RevokeHandle *rvk = cls; | ||
603 | |||
604 | rvk->ns_qe = NULL; | ||
605 | if (GNUNET_EC_NONE != ec) | ||
606 | { | ||
607 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
608 | "Error removing attribute: %s\n", | ||
609 | GNUNET_ErrorCode_get_hint (ec)); | ||
610 | rvk->cb (rvk->cb_cls, GNUNET_SYSERR); | ||
611 | cleanup_rvk (rvk); | ||
612 | return; | ||
613 | } | ||
614 | rvk->move_attr = rvk->move_attr->next; | ||
615 | GNUNET_SCHEDULER_add_now (&move_attrs_cont, rvk); | ||
616 | } | ||
617 | |||
618 | |||
619 | /** | ||
620 | * Updated an attribute ID. | ||
621 | * Abort on error if namestore operation failed. | ||
622 | * Else, we have to delete the old record. | ||
623 | * | ||
624 | * @param cls handle to the operation | ||
625 | * @param success result of the store operation | ||
626 | * @param emsg error message (NULL on success) | ||
627 | */ | ||
628 | static void | ||
629 | move_attr_finished (void *cls, enum GNUNET_ErrorCode ec) | ||
630 | { | ||
631 | struct RECLAIM_TICKETS_RevokeHandle *rvk = cls; | ||
632 | char *label; | ||
633 | |||
634 | rvk->ns_qe = NULL; | ||
635 | if (GNUNET_EC_NONE != ec) | ||
636 | { | ||
637 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
638 | "Error moving attribute: %s\n", | ||
639 | GNUNET_ErrorCode_get_hint (ec)); | ||
640 | rvk->cb (rvk->cb_cls, GNUNET_SYSERR); | ||
641 | cleanup_rvk (rvk); | ||
642 | return; | ||
643 | } | ||
644 | label = GNUNET_STRINGS_data_to_string_alloc (&rvk->move_attr->old_id, | ||
645 | sizeof(rvk->move_attr->old_id)); | ||
646 | GNUNET_assert (NULL != label); | ||
647 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Removing attribute %s\n", label); | ||
648 | rvk->ns_qe = GNUNET_NAMESTORE_records_store (nsh, | ||
649 | &rvk->identity, | ||
650 | label, | ||
651 | 0, | ||
652 | NULL, | ||
653 | &del_attr_finished, | ||
654 | rvk); | ||
655 | GNUNET_free (label); | ||
656 | } | ||
657 | |||
658 | |||
659 | /** | ||
660 | * Got the referenced attribute. Updating the ID | ||
661 | * | ||
662 | * @param cls handle to the operation | ||
663 | * @param zone issuer identity | ||
664 | * @param label attribute ID | ||
665 | * @param rd_count size of record set (should be 1) | ||
666 | * @param rd record set (the attribute) | ||
667 | */ | ||
668 | static void | ||
669 | rvk_move_attr_cb (void *cls, | ||
670 | const struct GNUNET_CRYPTO_PrivateKey *zone, | ||
671 | const char *label, | ||
672 | unsigned int rd_count, | ||
673 | const struct GNUNET_GNSRECORD_Data *rd) | ||
674 | { | ||
675 | struct RECLAIM_TICKETS_RevokeHandle *rvk = cls; | ||
676 | struct GNUNET_GNSRECORD_Data new_rd[rd_count]; | ||
677 | struct RevokedAttributeEntry *le; | ||
678 | char *new_label; | ||
679 | char *attr_data; | ||
680 | |||
681 | rvk->ns_qe = NULL; | ||
682 | if (0 == rd_count) | ||
683 | { | ||
684 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
685 | "The claim %s no longer exists!\n", | ||
686 | label); | ||
687 | le = rvk->move_attr; | ||
688 | rvk->move_attr = le->next; | ||
689 | GNUNET_CONTAINER_DLL_remove (rvk->attrs_head, rvk->attrs_tail, le); | ||
690 | GNUNET_free (le); | ||
691 | GNUNET_SCHEDULER_add_now (&move_attrs_cont, rvk); | ||
692 | return; | ||
693 | } | ||
694 | GNUNET_RECLAIM_id_generate (&rvk->move_attr->new_id); | ||
695 | new_label = | ||
696 | GNUNET_STRINGS_data_to_string_alloc (&rvk->move_attr->new_id, | ||
697 | sizeof (rvk->move_attr->new_id)); | ||
698 | |||
699 | attr_data = NULL; | ||
700 | // new_rd = *rd; | ||
701 | for (int i = 0; i < rd_count; i++) | ||
702 | { | ||
703 | if (GNUNET_GNSRECORD_TYPE_RECLAIM_ATTRIBUTE == rd[i].record_type) | ||
704 | { | ||
705 | /** find a new place for this attribute **/ | ||
706 | struct GNUNET_RECLAIM_Attribute *claim; | ||
707 | GNUNET_RECLAIM_attribute_deserialize (rd[i].data, | ||
708 | rd[i].data_size, | ||
709 | &claim); | ||
710 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
711 | "Attribute to update: Name=%s\n", | ||
712 | claim->name); | ||
713 | claim->id = rvk->move_attr->new_id; | ||
714 | new_rd[i].data_size = GNUNET_RECLAIM_attribute_serialize_get_size (claim); | ||
715 | attr_data = GNUNET_malloc (rd[i].data_size); | ||
716 | new_rd[i].data_size = GNUNET_RECLAIM_attribute_serialize (claim, | ||
717 | attr_data); | ||
718 | new_rd[i].data = attr_data; | ||
719 | new_rd[i].record_type = rd[i].record_type; | ||
720 | new_rd[i].flags = rd[i].flags; | ||
721 | new_rd[i].expiration_time = rd[i].expiration_time; | ||
722 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding attribute %s\n", new_label); | ||
723 | GNUNET_free (claim); | ||
724 | } | ||
725 | else if (GNUNET_GNSRECORD_TYPE_RECLAIM_CREDENTIAL == rd[i].record_type) | ||
726 | { | ||
727 | struct GNUNET_RECLAIM_Credential *credential; | ||
728 | credential = GNUNET_RECLAIM_credential_deserialize (rd[i].data, | ||
729 | rd[i].data_size); | ||
730 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
731 | "Credential to update: Name=%s\n", | ||
732 | credential->name); | ||
733 | credential->id = rvk->move_attr->new_id; | ||
734 | new_rd[i].data_size = | ||
735 | GNUNET_RECLAIM_credential_serialize_get_size (credential); | ||
736 | attr_data = GNUNET_malloc (rd[i].data_size); | ||
737 | new_rd[i].data_size = GNUNET_RECLAIM_credential_serialize (credential, | ||
738 | attr_data); | ||
739 | new_rd[i].data = attr_data; | ||
740 | new_rd[i].record_type = rd[i].record_type; | ||
741 | new_rd[i].flags = rd[i].flags; | ||
742 | new_rd[i].expiration_time = rd[i].expiration_time; | ||
743 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding credential %s\n", | ||
744 | new_label); | ||
745 | GNUNET_free (credential); | ||
746 | } | ||
747 | else { | ||
748 | memcpy (&new_rd[i], &rd[i], sizeof (struct GNUNET_GNSRECORD_Data)); | ||
749 | } | ||
750 | } | ||
751 | rvk->ns_qe = GNUNET_NAMESTORE_records_store (nsh, | ||
752 | &rvk->identity, | ||
753 | new_label, | ||
754 | rd_count, | ||
755 | new_rd, | ||
756 | &move_attr_finished, | ||
757 | rvk); | ||
758 | GNUNET_free (new_label); | ||
759 | GNUNET_free (attr_data); | ||
760 | } | ||
761 | |||
762 | |||
763 | static void | ||
764 | move_attrs (struct RECLAIM_TICKETS_RevokeHandle *rvk) | ||
765 | { | ||
766 | char *label; | ||
767 | |||
768 | if (NULL == rvk->move_attr) | ||
769 | { | ||
770 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Finished moving attributes\n"); | ||
771 | rvk->ns_it = | ||
772 | GNUNET_NAMESTORE_zone_iteration_start (nsh, | ||
773 | &rvk->identity, | ||
774 | &rvk_ns_iter_err, | ||
775 | rvk, | ||
776 | &rvk_ticket_update, | ||
777 | rvk, | ||
778 | &rvk_ticket_update_finished, | ||
779 | rvk); | ||
780 | return; | ||
781 | } | ||
782 | label = GNUNET_STRINGS_data_to_string_alloc (&rvk->move_attr->old_id, | ||
783 | sizeof (rvk->move_attr->old_id)); | ||
784 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Moving claim %s\n", label); | ||
785 | |||
786 | rvk->ns_qe = GNUNET_NAMESTORE_records_lookup (nsh, | ||
787 | &rvk->identity, | ||
788 | label, | ||
789 | &rvk_ns_err, | ||
790 | rvk, | ||
791 | &rvk_move_attr_cb, | ||
792 | rvk); | ||
793 | GNUNET_free (label); | ||
794 | } | ||
795 | |||
796 | |||
797 | /** | ||
798 | * Finished deleting ticket and attribute references. | ||
799 | * Abort on failure. | ||
800 | * Else, we start changing every attribute ID in the | ||
801 | * found attribute references so that access is no longer | ||
802 | * possible. | ||
803 | * | ||
804 | * @param cls handle to the operation | ||
805 | * @param success Namestore operation return value | ||
806 | * @param emsg error message (NULL on success) | ||
807 | */ | ||
808 | static void | ||
809 | remove_ticket_cont (void *cls, enum GNUNET_ErrorCode ec) | ||
810 | { | ||
811 | struct RECLAIM_TICKETS_RevokeHandle *rvk = cls; | ||
812 | |||
813 | rvk->ns_qe = NULL; | ||
814 | if (GNUNET_EC_NONE != ec) | ||
815 | { | ||
816 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "%s\n", | ||
817 | GNUNET_ErrorCode_get_hint (ec)); | ||
818 | rvk->cb (rvk->cb_cls, GNUNET_SYSERR); | ||
819 | cleanup_rvk (rvk); | ||
820 | return; | ||
821 | } | ||
822 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Deleted ticket\n"); | ||
823 | if (0 == rvk->ticket_attrs) | ||
824 | { | ||
825 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
826 | "No attributes to move... strange\n"); | ||
827 | rvk->cb (rvk->cb_cls, GNUNET_OK); | ||
828 | cleanup_rvk (rvk); | ||
829 | return; | ||
830 | } | ||
831 | rvk->move_attr = rvk->attrs_head; | ||
832 | move_attrs (rvk); | ||
833 | } | ||
834 | |||
835 | |||
836 | /** | ||
837 | * We found the attribute references. | ||
838 | * Store them for later and remove the record set. | ||
839 | * | ||
840 | * @param cls handle to the operation | ||
841 | * @param zone the issuer key | ||
842 | * @param label ticket rnd | ||
843 | * @param rd_count size of record set | ||
844 | * @param rd record set | ||
845 | */ | ||
846 | static void | ||
847 | revoke_attrs_cb (void *cls, | ||
848 | const struct GNUNET_CRYPTO_PrivateKey *zone, | ||
849 | const char *label, | ||
850 | unsigned int rd_count, | ||
851 | const struct GNUNET_GNSRECORD_Data *rd) | ||
852 | |||
853 | { | ||
854 | struct RECLAIM_TICKETS_RevokeHandle *rvk = cls; | ||
855 | struct RevokedAttributeEntry *le; | ||
856 | |||
857 | rvk->ns_qe = NULL; | ||
858 | /** | ||
859 | * Temporarily store attribute references. | ||
860 | * We need it later. | ||
861 | */ | ||
862 | for (int i = 0; i < rd_count; i++) | ||
863 | { | ||
864 | if (GNUNET_GNSRECORD_TYPE_RECLAIM_ATTRIBUTE_REF != rd[i].record_type) | ||
865 | continue; | ||
866 | le = GNUNET_new (struct RevokedAttributeEntry); | ||
867 | le->old_id = *((struct GNUNET_RECLAIM_Identifier *) rd[i].data); | ||
868 | GNUNET_CONTAINER_DLL_insert (rvk->attrs_head, rvk->attrs_tail, le); | ||
869 | rvk->ticket_attrs++; | ||
870 | } | ||
871 | |||
872 | /** Remove attribute references **/ | ||
873 | rvk->ns_qe = GNUNET_NAMESTORE_records_store (nsh, | ||
874 | &rvk->identity, | ||
875 | label, | ||
876 | 0, | ||
877 | NULL, | ||
878 | &remove_ticket_cont, | ||
879 | rvk); | ||
880 | } | ||
881 | |||
882 | |||
883 | /** | ||
884 | * Failed to query namestore. Abort operation | ||
885 | * | ||
886 | * @param cls handle to the operation | ||
887 | */ | ||
888 | static void | ||
889 | rvk_attrs_err_cb (void *cls) | ||
890 | { | ||
891 | struct RECLAIM_TICKETS_RevokeHandle *rvk = cls; | ||
892 | |||
893 | rvk->cb (rvk->cb_cls, GNUNET_SYSERR); | ||
894 | cleanup_rvk (rvk); | ||
895 | } | ||
896 | |||
897 | |||
898 | /** | ||
899 | * Revoke a ticket. | ||
900 | * We start by looking up attribute references in order | ||
901 | * to change attribute IDs. | ||
902 | * | ||
903 | * @param ticket ticket to revoke | ||
904 | * @param identity private key of issuer | ||
905 | * @param cb revocation status callback | ||
906 | * @param cb_cls callback closure | ||
907 | * @return handle to the operation | ||
908 | */ | ||
909 | struct RECLAIM_TICKETS_RevokeHandle * | ||
910 | RECLAIM_TICKETS_revoke (const struct GNUNET_RECLAIM_Ticket *ticket, | ||
911 | const struct GNUNET_CRYPTO_PrivateKey *identity, | ||
912 | RECLAIM_TICKETS_RevokeCallback cb, | ||
913 | void *cb_cls) | ||
914 | { | ||
915 | struct RECLAIM_TICKETS_RevokeHandle *rvk; | ||
916 | char *label; | ||
917 | |||
918 | rvk = GNUNET_new (struct RECLAIM_TICKETS_RevokeHandle); | ||
919 | rvk->cb = cb; | ||
920 | rvk->cb_cls = cb_cls; | ||
921 | rvk->identity = *identity; | ||
922 | rvk->ticket = *ticket; | ||
923 | GNUNET_CRYPTO_key_get_public (&rvk->identity, &rvk->ticket.identity); | ||
924 | /** Get shared attributes **/ | ||
925 | label = GNUNET_STRINGS_data_to_string_alloc (&ticket->rnd, | ||
926 | sizeof(ticket->rnd)); | ||
927 | GNUNET_assert (NULL != label); | ||
928 | rvk->ns_qe = GNUNET_NAMESTORE_records_lookup (nsh, | ||
929 | identity, | ||
930 | label, | ||
931 | &rvk_attrs_err_cb, | ||
932 | rvk, | ||
933 | &revoke_attrs_cb, | ||
934 | rvk); | ||
935 | GNUNET_free (label); | ||
936 | return rvk; | ||
937 | } | ||
938 | |||
939 | |||
940 | /** | ||
941 | * Cancel a revocation. | ||
942 | * | ||
943 | * @param rh handle to the operation | ||
944 | */ | ||
945 | void | ||
946 | RECLAIM_TICKETS_revoke_cancel (struct RECLAIM_TICKETS_RevokeHandle *rh) | ||
947 | { | ||
948 | GNUNET_assert (NULL != rh); | ||
949 | cleanup_rvk (rh); | ||
950 | } | ||
951 | |||
952 | |||
953 | /******************************* | ||
954 | * Ticket consume | ||
955 | *******************************/ | ||
956 | |||
957 | /** | ||
958 | * Cleanup ticket consume handle | ||
959 | * | ||
960 | * @param cth the handle to clean up | ||
961 | */ | ||
962 | static void | ||
963 | cleanup_cth (struct RECLAIM_TICKETS_ConsumeHandle *cth) | ||
964 | { | ||
965 | struct ParallelLookup *lu; | ||
966 | |||
967 | if (NULL != cth->lookup_request) | ||
968 | GNUNET_GNS_lookup_cancel (cth->lookup_request); | ||
969 | if (NULL != cth->kill_task) | ||
970 | GNUNET_SCHEDULER_cancel (cth->kill_task); | ||
971 | while (NULL != (lu = cth->parallel_lookups_head)) | ||
972 | { | ||
973 | if (NULL != lu->lookup_request) | ||
974 | GNUNET_GNS_lookup_cancel (lu->lookup_request); | ||
975 | GNUNET_free (lu->label); | ||
976 | GNUNET_CONTAINER_DLL_remove (cth->parallel_lookups_head, | ||
977 | cth->parallel_lookups_tail, | ||
978 | lu); | ||
979 | GNUNET_free (lu); | ||
980 | } | ||
981 | |||
982 | if (NULL != cth->attrs) | ||
983 | GNUNET_RECLAIM_attribute_list_destroy (cth->attrs); | ||
984 | if (NULL != cth->presentations) | ||
985 | GNUNET_RECLAIM_presentation_list_destroy (cth->presentations); | ||
986 | GNUNET_free (cth); | ||
987 | } | ||
988 | |||
989 | |||
990 | /** | ||
991 | * We found an attribute record. | ||
992 | * | ||
993 | * @param cls handle to the operation | ||
994 | * @param rd_count size of record set | ||
995 | * @param rd record set | ||
996 | */ | ||
997 | static void | ||
998 | process_parallel_lookup_result (void *cls, | ||
999 | uint32_t rd_count, | ||
1000 | const struct GNUNET_GNSRECORD_Data *rd) | ||
1001 | { | ||
1002 | struct ParallelLookup *parallel_lookup = cls; | ||
1003 | struct RECLAIM_TICKETS_ConsumeHandle *cth = parallel_lookup->handle; | ||
1004 | struct GNUNET_RECLAIM_AttributeListEntry *attr_le; | ||
1005 | |||
1006 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1007 | "Parallel lookup finished (count=%u)\n", | ||
1008 | rd_count); | ||
1009 | |||
1010 | GNUNET_CONTAINER_DLL_remove (cth->parallel_lookups_head, | ||
1011 | cth->parallel_lookups_tail, | ||
1012 | parallel_lookup); | ||
1013 | GNUNET_free (parallel_lookup->label); | ||
1014 | |||
1015 | GNUNET_STATISTICS_update (stats, | ||
1016 | "attribute_lookup_time_total", | ||
1017 | GNUNET_TIME_absolute_get_duration ( | ||
1018 | parallel_lookup->lookup_start_time) | ||
1019 | .rel_value_us, | ||
1020 | GNUNET_YES); | ||
1021 | GNUNET_STATISTICS_update (stats, "attribute_lookups_count", 1, GNUNET_YES); | ||
1022 | |||
1023 | |||
1024 | GNUNET_free (parallel_lookup); | ||
1025 | if (0 == rd_count) | ||
1026 | GNUNET_break (0); | ||
1027 | // REMARK: It is possible now to find rd_count > 1 | ||
1028 | for (int i = 0; i < rd_count; i++) | ||
1029 | { | ||
1030 | if (GNUNET_GNSRECORD_TYPE_RECLAIM_ATTRIBUTE != rd[i].record_type) | ||
1031 | continue; | ||
1032 | attr_le = GNUNET_new (struct GNUNET_RECLAIM_AttributeListEntry); | ||
1033 | GNUNET_RECLAIM_attribute_deserialize (rd[i].data, rd[i].data_size, | ||
1034 | &attr_le->attribute); | ||
1035 | GNUNET_CONTAINER_DLL_insert (cth->attrs->list_head, | ||
1036 | cth->attrs->list_tail, | ||
1037 | attr_le); | ||
1038 | } | ||
1039 | if (NULL != cth->parallel_lookups_head) | ||
1040 | return; // Wait for more | ||
1041 | /* Else we are done */ | ||
1042 | cth->cb (cth->cb_cls, &cth->ticket.identity, | ||
1043 | cth->attrs, cth->presentations, GNUNET_OK, NULL); | ||
1044 | cleanup_cth (cth); | ||
1045 | } | ||
1046 | |||
1047 | |||
1048 | /** | ||
1049 | * Cancel the lookups for attribute records | ||
1050 | * | ||
1051 | * @param cls handle to the operation | ||
1052 | */ | ||
1053 | static void | ||
1054 | abort_parallel_lookups (void *cls) | ||
1055 | { | ||
1056 | struct RECLAIM_TICKETS_ConsumeHandle *cth = cls; | ||
1057 | struct ParallelLookup *lu; | ||
1058 | struct ParallelLookup *tmp; | ||
1059 | |||
1060 | cth->kill_task = NULL; | ||
1061 | for (lu = cth->parallel_lookups_head; NULL != lu;) | ||
1062 | { | ||
1063 | GNUNET_GNS_lookup_cancel (lu->lookup_request); | ||
1064 | GNUNET_free (lu->label); | ||
1065 | tmp = lu->next; | ||
1066 | GNUNET_CONTAINER_DLL_remove (cth->parallel_lookups_head, | ||
1067 | cth->parallel_lookups_tail, | ||
1068 | lu); | ||
1069 | GNUNET_free (lu); | ||
1070 | lu = tmp; | ||
1071 | } | ||
1072 | cth->cb (cth->cb_cls, NULL, NULL, NULL, GNUNET_SYSERR, "Aborted"); | ||
1073 | } | ||
1074 | |||
1075 | |||
1076 | /** | ||
1077 | * GNS result with attribute references. | ||
1078 | * For each result, we start a (parallel) lookup of the actual | ||
1079 | * attribute record under the referenced label. | ||
1080 | * | ||
1081 | * @param cls handle to the operation | ||
1082 | * @param rd_count size of the record set | ||
1083 | * @param rd record set | ||
1084 | */ | ||
1085 | static void | ||
1086 | lookup_authz_cb (void *cls, | ||
1087 | uint32_t rd_count, | ||
1088 | const struct GNUNET_GNSRECORD_Data *rd) | ||
1089 | { | ||
1090 | struct RECLAIM_TICKETS_ConsumeHandle *cth = cls; | ||
1091 | struct ParallelLookup *parallel_lookup; | ||
1092 | char *lbl; | ||
1093 | struct GNUNET_RECLAIM_PresentationListEntry *ale; | ||
1094 | |||
1095 | cth->lookup_request = NULL; | ||
1096 | |||
1097 | GNUNET_STATISTICS_update (stats, | ||
1098 | "reclaim_authz_lookup_time_total", | ||
1099 | GNUNET_TIME_absolute_get_duration ( | ||
1100 | cth->lookup_start_time) | ||
1101 | .rel_value_us, | ||
1102 | GNUNET_YES); | ||
1103 | GNUNET_STATISTICS_update (stats, | ||
1104 | "reclaim_authz_lookups_count", | ||
1105 | 1, | ||
1106 | GNUNET_YES); | ||
1107 | |||
1108 | for (int i = 0; i < rd_count; i++) | ||
1109 | { | ||
1110 | /** | ||
1111 | * Check if record is a credential presentation or an attribute | ||
1112 | * reference. | ||
1113 | */ | ||
1114 | switch (rd[i].record_type) | ||
1115 | { | ||
1116 | case GNUNET_GNSRECORD_TYPE_RECLAIM_PRESENTATION: | ||
1117 | ale = GNUNET_new (struct GNUNET_RECLAIM_PresentationListEntry); | ||
1118 | ale->presentation = | ||
1119 | GNUNET_RECLAIM_presentation_deserialize (rd[i].data, | ||
1120 | rd[i].data_size); | ||
1121 | GNUNET_CONTAINER_DLL_insert (cth->presentations->list_head, | ||
1122 | cth->presentations->list_tail, | ||
1123 | ale); | ||
1124 | break; | ||
1125 | case GNUNET_GNSRECORD_TYPE_RECLAIM_ATTRIBUTE_REF: | ||
1126 | lbl = GNUNET_STRINGS_data_to_string_alloc (rd[i].data, rd[i].data_size); | ||
1127 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Ticket reference found %s\n", lbl); | ||
1128 | parallel_lookup = GNUNET_new (struct ParallelLookup); | ||
1129 | parallel_lookup->handle = cth; | ||
1130 | parallel_lookup->label = lbl; | ||
1131 | parallel_lookup->lookup_start_time = GNUNET_TIME_absolute_get (); | ||
1132 | parallel_lookup->lookup_request = | ||
1133 | GNUNET_GNS_lookup (gns, | ||
1134 | lbl, | ||
1135 | &cth->ticket.identity, | ||
1136 | GNUNET_GNSRECORD_TYPE_ANY, | ||
1137 | GNUNET_GNS_LO_DEFAULT, | ||
1138 | &process_parallel_lookup_result, | ||
1139 | parallel_lookup); | ||
1140 | GNUNET_CONTAINER_DLL_insert (cth->parallel_lookups_head, | ||
1141 | cth->parallel_lookups_tail, | ||
1142 | parallel_lookup); | ||
1143 | break; | ||
1144 | default: | ||
1145 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1146 | "Ignoring unknown record type %d", rd[i].record_type); | ||
1147 | } | ||
1148 | } | ||
1149 | /** | ||
1150 | * We started lookups. Add a timeout task. | ||
1151 | * FIXME: Really needed here? | ||
1152 | */ | ||
1153 | if (NULL != cth->parallel_lookups_head) | ||
1154 | { | ||
1155 | cth->kill_task = GNUNET_SCHEDULER_add_delayed ( | ||
1156 | GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 3), | ||
1157 | &abort_parallel_lookups, | ||
1158 | cth); | ||
1159 | return; | ||
1160 | } | ||
1161 | /** | ||
1162 | * No references found, return empty attribute list | ||
1163 | */ | ||
1164 | cth->cb (cth->cb_cls, &cth->ticket.identity, | ||
1165 | cth->attrs, NULL, GNUNET_OK, NULL); | ||
1166 | cleanup_cth (cth); | ||
1167 | } | ||
1168 | |||
1169 | |||
1170 | /** | ||
1171 | * Consume a ticket. | ||
1172 | * We first looking attribute references under the label | ||
1173 | * ticket.rnd in GNS. | ||
1174 | * | ||
1175 | * @param id the audience of the ticket | ||
1176 | * @param ticket the ticket to consume | ||
1177 | * @param cb callback to call with attributes of ticket | ||
1178 | * @param cb_cls callback closure | ||
1179 | * @return handle to the operation | ||
1180 | */ | ||
1181 | struct RECLAIM_TICKETS_ConsumeHandle * | ||
1182 | RECLAIM_TICKETS_consume (const struct GNUNET_CRYPTO_PrivateKey *id, | ||
1183 | const struct GNUNET_RECLAIM_Ticket *ticket, | ||
1184 | RECLAIM_TICKETS_ConsumeCallback cb, | ||
1185 | void *cb_cls) | ||
1186 | { | ||
1187 | struct RECLAIM_TICKETS_ConsumeHandle *cth; | ||
1188 | char *label; | ||
1189 | |||
1190 | cth = GNUNET_new (struct RECLAIM_TICKETS_ConsumeHandle); | ||
1191 | |||
1192 | cth->identity = *id; | ||
1193 | GNUNET_CRYPTO_key_get_public (&cth->identity, &cth->identity_pub); | ||
1194 | cth->attrs = GNUNET_new (struct GNUNET_RECLAIM_AttributeList); | ||
1195 | cth->presentations = GNUNET_new (struct GNUNET_RECLAIM_PresentationList); | ||
1196 | cth->ticket = *ticket; | ||
1197 | cth->cb = cb; | ||
1198 | cth->cb_cls = cb_cls; | ||
1199 | label = | ||
1200 | GNUNET_STRINGS_data_to_string_alloc (&cth->ticket.rnd, | ||
1201 | sizeof(cth->ticket.rnd)); | ||
1202 | char *str = GNUNET_CRYPTO_public_key_to_string (&cth->ticket.identity); | ||
1203 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1204 | "Looking for AuthZ info under %s in %s\n", | ||
1205 | label, str); | ||
1206 | GNUNET_free (str); | ||
1207 | cth->lookup_start_time = GNUNET_TIME_absolute_get (); | ||
1208 | cth->lookup_request = | ||
1209 | GNUNET_GNS_lookup (gns, | ||
1210 | label, | ||
1211 | &cth->ticket.identity, | ||
1212 | GNUNET_GNSRECORD_TYPE_RECLAIM_ATTRIBUTE_REF, | ||
1213 | GNUNET_GNS_LO_DEFAULT, | ||
1214 | &lookup_authz_cb, | ||
1215 | cth); | ||
1216 | GNUNET_free (label); | ||
1217 | return cth; | ||
1218 | } | ||
1219 | |||
1220 | |||
1221 | /** | ||
1222 | * Cancel a consume operation | ||
1223 | * | ||
1224 | * @param cth the operation to cancel | ||
1225 | */ | ||
1226 | void | ||
1227 | RECLAIM_TICKETS_consume_cancel (struct RECLAIM_TICKETS_ConsumeHandle *cth) | ||
1228 | { | ||
1229 | cleanup_cth (cth); | ||
1230 | return; | ||
1231 | } | ||
1232 | |||
1233 | |||
1234 | /******************************* | ||
1235 | * Ticket issue | ||
1236 | *******************************/ | ||
1237 | |||
1238 | /** | ||
1239 | * Cleanup ticket consume handle | ||
1240 | * @param handle the handle to clean up | ||
1241 | */ | ||
1242 | static void | ||
1243 | cleanup_issue_handle (struct TicketIssueHandle *handle) | ||
1244 | { | ||
1245 | if (NULL != handle->ns_qe) | ||
1246 | GNUNET_NAMESTORE_cancel (handle->ns_qe); | ||
1247 | GNUNET_free (handle); | ||
1248 | } | ||
1249 | |||
1250 | |||
1251 | /** | ||
1252 | * Store finished, abort on error. | ||
1253 | * Else, return new ticket to caller. | ||
1254 | * | ||
1255 | * @param cls handle to the operation | ||
1256 | * @param success store operation result | ||
1257 | * @param emsg error message (or NULL on success) | ||
1258 | */ | ||
1259 | static void | ||
1260 | store_ticket_issue_cont (void *cls, enum GNUNET_ErrorCode ec) | ||
1261 | { | ||
1262 | struct TicketIssueHandle *handle = cls; | ||
1263 | |||
1264 | handle->ns_qe = NULL; | ||
1265 | if (GNUNET_EC_NONE != ec) | ||
1266 | { | ||
1267 | handle->cb (handle->cb_cls, | ||
1268 | &handle->ticket, | ||
1269 | NULL, | ||
1270 | GNUNET_SYSERR, | ||
1271 | "Error storing AuthZ ticket in GNS"); | ||
1272 | return; | ||
1273 | } | ||
1274 | handle->cb (handle->cb_cls, | ||
1275 | &handle->ticket, | ||
1276 | handle->presentations, | ||
1277 | GNUNET_OK, NULL); | ||
1278 | cleanup_issue_handle (handle); | ||
1279 | } | ||
1280 | |||
1281 | |||
1282 | /** | ||
1283 | * Issue a new ticket. | ||
1284 | * We store references to attribute record labels and the ticket itself | ||
1285 | * under the label base64(ticket.rnd). | ||
1286 | * | ||
1287 | * @param ih handle to the operation containing relevant metadata | ||
1288 | */ | ||
1289 | static void | ||
1290 | issue_ticket (struct TicketIssueHandle *ih) | ||
1291 | { | ||
1292 | struct GNUNET_RECLAIM_AttributeListEntry *le; | ||
1293 | struct GNUNET_RECLAIM_PresentationListEntry *ple; | ||
1294 | struct GNUNET_GNSRECORD_Data *attrs_record; | ||
1295 | char *label; | ||
1296 | char *tkt_data; | ||
1297 | int i; | ||
1298 | int j; | ||
1299 | int attrs_count = 0; | ||
1300 | |||
1301 | for (le = ih->attrs->list_head; NULL != le; le = le->next) | ||
1302 | attrs_count++; | ||
1303 | |||
1304 | // Worst case we have one presentation per attribute | ||
1305 | attrs_record = | ||
1306 | GNUNET_malloc (2 * attrs_count * sizeof(struct GNUNET_GNSRECORD_Data)); | ||
1307 | i = 0; | ||
1308 | for (le = ih->attrs->list_head; NULL != le; le = le->next) | ||
1309 | { | ||
1310 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1311 | "Adding list entry: %s\n", le->attribute->name); | ||
1312 | |||
1313 | attrs_record[i].data = &le->attribute->id; | ||
1314 | attrs_record[i].data_size = sizeof(le->attribute->id); | ||
1315 | attrs_record[i].expiration_time = ticket_refresh_interval.rel_value_us; | ||
1316 | attrs_record[i].record_type = GNUNET_GNSRECORD_TYPE_RECLAIM_ATTRIBUTE_REF; | ||
1317 | attrs_record[i].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION; | ||
1318 | i++; | ||
1319 | if (GNUNET_NO == GNUNET_RECLAIM_id_is_zero (&le->attribute->credential)) | ||
1320 | { | ||
1321 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1322 | "Attribute is backed by credential. Adding...\n"); | ||
1323 | struct GNUNET_RECLAIM_Presentation *presentation = NULL; | ||
1324 | for (j = 0; j < i; j++) | ||
1325 | { | ||
1326 | if (attrs_record[j].record_type | ||
1327 | != GNUNET_GNSRECORD_TYPE_RECLAIM_PRESENTATION) | ||
1328 | continue; | ||
1329 | presentation = GNUNET_RECLAIM_presentation_deserialize ( | ||
1330 | attrs_record[j].data, | ||
1331 | attrs_record[j]. | ||
1332 | data_size); | ||
1333 | if (NULL == presentation) | ||
1334 | { | ||
1335 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
1336 | "Failed to deserialize presentation\n"); | ||
1337 | continue; | ||
1338 | } | ||
1339 | if (0 == memcmp (&presentation->credential_id, | ||
1340 | &le->attribute->credential, | ||
1341 | sizeof (le->attribute->credential))) | ||
1342 | break; | ||
1343 | GNUNET_free (presentation); | ||
1344 | presentation = NULL; | ||
1345 | } | ||
1346 | if (NULL != presentation) | ||
1347 | { | ||
1348 | GNUNET_free (presentation); | ||
1349 | continue; // Skip as we have already added this credential presentation. | ||
1350 | } | ||
1351 | for (ple = ih->presentations->list_head; NULL != ple; ple = ple->next) | ||
1352 | { | ||
1353 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1354 | "Checking presentation....\n"); | ||
1355 | |||
1356 | if (0 != memcmp (&le->attribute->credential, | ||
1357 | &ple->presentation->credential_id, | ||
1358 | sizeof (le->attribute->credential))) | ||
1359 | { | ||
1360 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1361 | "Presentation does not match credential ID.\n"); | ||
1362 | continue; | ||
1363 | } | ||
1364 | char *pres_buf; | ||
1365 | size_t pres_size; | ||
1366 | |||
1367 | pres_size = | ||
1368 | GNUNET_RECLAIM_presentation_serialize_get_size (ple->presentation); | ||
1369 | pres_buf = GNUNET_malloc (pres_size); | ||
1370 | GNUNET_RECLAIM_presentation_serialize (ple->presentation, | ||
1371 | pres_buf); | ||
1372 | attrs_record[i].data = pres_buf; | ||
1373 | attrs_record[i].data_size = pres_size; | ||
1374 | attrs_record[i].expiration_time = | ||
1375 | ticket_refresh_interval.rel_value_us; | ||
1376 | attrs_record[i].record_type = | ||
1377 | GNUNET_GNSRECORD_TYPE_RECLAIM_PRESENTATION; | ||
1378 | attrs_record[i].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION; | ||
1379 | i++; | ||
1380 | break; | ||
1381 | } | ||
1382 | } | ||
1383 | } | ||
1384 | attrs_record[i].data_size = | ||
1385 | GNUNET_RECLAIM_ticket_serialize_get_size (&ih->ticket); | ||
1386 | tkt_data = GNUNET_malloc (attrs_record[i].data_size); | ||
1387 | GNUNET_RECLAIM_write_ticket_to_buffer (&ih->ticket, | ||
1388 | tkt_data, | ||
1389 | attrs_record[i].data_size); | ||
1390 | attrs_record[i].data = tkt_data; | ||
1391 | attrs_record[i].expiration_time = ticket_refresh_interval.rel_value_us; | ||
1392 | attrs_record[i].record_type = GNUNET_GNSRECORD_TYPE_RECLAIM_TICKET; | ||
1393 | attrs_record[i].flags = | ||
1394 | GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION | GNUNET_GNSRECORD_RF_PRIVATE; | ||
1395 | i++; | ||
1396 | |||
1397 | label = | ||
1398 | GNUNET_STRINGS_data_to_string_alloc (&ih->ticket.rnd, | ||
1399 | sizeof(ih->ticket.rnd)); | ||
1400 | struct GNUNET_CRYPTO_PublicKey pub; | ||
1401 | GNUNET_CRYPTO_key_get_public (&ih->identity, | ||
1402 | &pub); | ||
1403 | char *str = GNUNET_CRYPTO_public_key_to_string (&pub); | ||
1404 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1405 | "Storing AuthZ information under %s in %s\n", label, str); | ||
1406 | GNUNET_free (str); | ||
1407 | // Publish record | ||
1408 | ih->ns_qe = GNUNET_NAMESTORE_records_store (nsh, | ||
1409 | &ih->identity, | ||
1410 | label, | ||
1411 | i, | ||
1412 | attrs_record, | ||
1413 | &store_ticket_issue_cont, | ||
1414 | ih); | ||
1415 | for (j = 0; j < i; j++) | ||
1416 | { | ||
1417 | if (attrs_record[j].record_type | ||
1418 | != GNUNET_GNSRECORD_TYPE_RECLAIM_PRESENTATION) | ||
1419 | continue; | ||
1420 | // Yes, we are allowed to do this because we allocated it above | ||
1421 | char *ptr = (char*) attrs_record[j].data; | ||
1422 | GNUNET_free (ptr); | ||
1423 | } | ||
1424 | GNUNET_free (tkt_data); | ||
1425 | GNUNET_free (attrs_record); | ||
1426 | GNUNET_free (label); | ||
1427 | } | ||
1428 | |||
1429 | |||
1430 | /************************************************* | ||
1431 | * Ticket iteration (finding a specific ticket) | ||
1432 | *************************************************/ | ||
1433 | |||
1434 | |||
1435 | /** | ||
1436 | * Namestore error on issue. Abort. | ||
1437 | * | ||
1438 | * @param cls handle to the operation | ||
1439 | */ | ||
1440 | static void | ||
1441 | filter_tickets_error_cb (void *cls) | ||
1442 | { | ||
1443 | struct TicketIssueHandle *tih = cls; | ||
1444 | |||
1445 | tih->ns_it = NULL; | ||
1446 | tih->cb (tih->cb_cls, | ||
1447 | &tih->ticket, | ||
1448 | NULL, | ||
1449 | GNUNET_SYSERR, | ||
1450 | "Error storing AuthZ ticket in GNS"); | ||
1451 | cleanup_issue_handle (tih); | ||
1452 | } | ||
1453 | |||
1454 | |||
1455 | /** | ||
1456 | * Iterator over records. | ||
1457 | * Check if any previously issued ticket already | ||
1458 | * matches what we need to prevent duplicates and | ||
1459 | * improve resolution synergy. | ||
1460 | * | ||
1461 | * @param cls handle to the operation | ||
1462 | * @param zone issuer identity | ||
1463 | * @param label ticket rnd | ||
1464 | * @param rd_count size of record set | ||
1465 | * @param rd record set | ||
1466 | */ | ||
1467 | static void | ||
1468 | filter_tickets_cb (void *cls, | ||
1469 | const struct GNUNET_CRYPTO_PrivateKey *zone, | ||
1470 | const char *label, | ||
1471 | unsigned int rd_count, | ||
1472 | const struct GNUNET_GNSRECORD_Data *rd) | ||
1473 | { | ||
1474 | struct TicketIssueHandle *tih = cls; | ||
1475 | struct GNUNET_RECLAIM_Ticket ticket; | ||
1476 | struct GNUNET_RECLAIM_Presentation *presentation; | ||
1477 | struct GNUNET_RECLAIM_PresentationList *ticket_presentations; | ||
1478 | struct GNUNET_RECLAIM_Credential *cred; | ||
1479 | struct GNUNET_RECLAIM_PresentationListEntry *ple; | ||
1480 | struct GNUNET_RECLAIM_AttributeListEntry *le; | ||
1481 | unsigned int attr_cnt = 0; | ||
1482 | unsigned int pres_cnt = 0; | ||
1483 | int ticket_found = GNUNET_NO; | ||
1484 | |||
1485 | for (le = tih->attrs->list_head; NULL != le; le = le->next) | ||
1486 | { | ||
1487 | attr_cnt++; | ||
1488 | if (GNUNET_NO == GNUNET_RECLAIM_id_is_zero (&le->attribute->credential)) | ||
1489 | pres_cnt++; | ||
1490 | } | ||
1491 | |||
1492 | // ticket search | ||
1493 | unsigned int found_attrs_cnt = 0; | ||
1494 | unsigned int found_pres_cnt = 0; | ||
1495 | size_t read; | ||
1496 | ticket_presentations = GNUNET_new (struct GNUNET_RECLAIM_PresentationList); | ||
1497 | |||
1498 | for (int i = 0; i < rd_count; i++) | ||
1499 | { | ||
1500 | // found ticket | ||
1501 | if (GNUNET_GNSRECORD_TYPE_RECLAIM_TICKET == rd[i].record_type) | ||
1502 | { | ||
1503 | if ((GNUNET_SYSERR == | ||
1504 | GNUNET_RECLAIM_read_ticket_from_buffer (rd[i].data, | ||
1505 | rd[i].data_size, | ||
1506 | &ticket, | ||
1507 | &read)) || | ||
1508 | (read != rd[i].data_size)) | ||
1509 | { | ||
1510 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1511 | "Failed to deserialize ticket from record\n"); | ||
1512 | continue; | ||
1513 | } | ||
1514 | // cmp audience | ||
1515 | // FIXME this is ugly, GNUNET_CRYPTO_PublicKey cannot be compared | ||
1516 | // like this | ||
1517 | if (0 == memcmp (&tih->ticket.audience, | ||
1518 | &ticket.audience, | ||
1519 | sizeof(struct GNUNET_CRYPTO_PublicKey))) | ||
1520 | { | ||
1521 | tih->ticket = ticket; | ||
1522 | ticket_found = GNUNET_YES; | ||
1523 | continue; | ||
1524 | } | ||
1525 | } | ||
1526 | |||
1527 | // cmp requested attributes with ticket attributes | ||
1528 | if (GNUNET_GNSRECORD_TYPE_RECLAIM_ATTRIBUTE_REF == rd[i].record_type) | ||
1529 | { | ||
1530 | for (le = tih->attrs->list_head; NULL != le; le = le->next) | ||
1531 | { | ||
1532 | if (GNUNET_YES == GNUNET_RECLAIM_id_is_equal (rd[i].data, | ||
1533 | &le->attribute->id)) | ||
1534 | found_attrs_cnt++; | ||
1535 | } | ||
1536 | } | ||
1537 | if (GNUNET_GNSRECORD_TYPE_RECLAIM_CREDENTIAL == rd[i].record_type) | ||
1538 | { | ||
1539 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1540 | "Found credential...\n"); | ||
1541 | |||
1542 | for (le = tih->attrs->list_head; NULL != le; le = le->next) | ||
1543 | { | ||
1544 | cred = GNUNET_RECLAIM_credential_deserialize (rd[i].data, | ||
1545 | rd[i].data_size); | ||
1546 | if (GNUNET_YES != GNUNET_RECLAIM_id_is_equal (&cred->id, | ||
1547 | &le->attribute->credential)) | ||
1548 | { | ||
1549 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1550 | "No match.\n"); | ||
1551 | GNUNET_free (cred); | ||
1552 | continue; | ||
1553 | } | ||
1554 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1555 | "Match, creating presentation...\n"); | ||
1556 | if (GNUNET_OK != GNUNET_RECLAIM_credential_get_presentation ( | ||
1557 | cred, | ||
1558 | tih->attrs, | ||
1559 | &presentation)) | ||
1560 | { | ||
1561 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1562 | "Unable to retrieve presentation from credential\n"); | ||
1563 | GNUNET_free (cred); | ||
1564 | continue; | ||
1565 | } | ||
1566 | ple = GNUNET_new (struct GNUNET_RECLAIM_PresentationListEntry); | ||
1567 | ple->presentation = presentation; | ||
1568 | GNUNET_CONTAINER_DLL_insert (tih->presentations->list_head, | ||
1569 | tih->presentations->list_tail, | ||
1570 | ple); | ||
1571 | GNUNET_free (cred); | ||
1572 | break; | ||
1573 | } | ||
1574 | } | ||
1575 | if (GNUNET_GNSRECORD_TYPE_RECLAIM_PRESENTATION == rd[i].record_type) | ||
1576 | { | ||
1577 | for (le = tih->attrs->list_head; NULL != le; le = le->next) | ||
1578 | { | ||
1579 | presentation = GNUNET_RECLAIM_presentation_deserialize (rd[i].data, | ||
1580 | rd[i].data_size); | ||
1581 | if (NULL == presentation) | ||
1582 | { | ||
1583 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
1584 | "Failed to deserialize presentation\n"); | ||
1585 | continue; | ||
1586 | } | ||
1587 | if (GNUNET_YES == GNUNET_RECLAIM_id_is_equal ( | ||
1588 | &presentation->credential_id, | ||
1589 | &le->attribute->credential)) | ||
1590 | { | ||
1591 | found_pres_cnt++; | ||
1592 | ple = GNUNET_new (struct GNUNET_RECLAIM_PresentationListEntry); | ||
1593 | ple->presentation = presentation; | ||
1594 | GNUNET_CONTAINER_DLL_insert (ticket_presentations->list_head, | ||
1595 | ticket_presentations->list_tail, | ||
1596 | ple); | ||
1597 | } | ||
1598 | } | ||
1599 | } | ||
1600 | } | ||
1601 | |||
1602 | /** | ||
1603 | * If we found a matching ticket, return that to the caller and | ||
1604 | * we are done. | ||
1605 | */ | ||
1606 | if ((attr_cnt == found_attrs_cnt) && | ||
1607 | (pres_cnt == found_pres_cnt) && | ||
1608 | (GNUNET_YES == ticket_found)) | ||
1609 | { | ||
1610 | GNUNET_NAMESTORE_zone_iteration_stop (tih->ns_it); | ||
1611 | tih->cb (tih->cb_cls, &tih->ticket, ticket_presentations, GNUNET_OK, NULL); | ||
1612 | GNUNET_RECLAIM_presentation_list_destroy (ticket_presentations); | ||
1613 | cleanup_issue_handle (tih); | ||
1614 | return; | ||
1615 | } | ||
1616 | GNUNET_RECLAIM_presentation_list_destroy (ticket_presentations); | ||
1617 | // ticket not found in current record, checking next record set | ||
1618 | GNUNET_NAMESTORE_zone_iterator_next (tih->ns_it, 1); | ||
1619 | } | ||
1620 | |||
1621 | |||
1622 | /** | ||
1623 | * Done iterating over tickets and we apparently did | ||
1624 | * not find an existing, matching ticket. | ||
1625 | * Continue by issuing a new ticket. | ||
1626 | * | ||
1627 | * @param cls handle to the operation | ||
1628 | */ | ||
1629 | static void | ||
1630 | filter_tickets_finished_cb (void *cls) | ||
1631 | { | ||
1632 | struct TicketIssueHandle *tih = cls; | ||
1633 | |||
1634 | GNUNET_CRYPTO_key_get_public (&tih->identity, &tih->ticket.identity); | ||
1635 | GNUNET_RECLAIM_id_generate (&tih->ticket.rnd); | ||
1636 | issue_ticket (tih); | ||
1637 | } | ||
1638 | |||
1639 | |||
1640 | /** | ||
1641 | * Issue a new reclaim ticket, thereby authorizing | ||
1642 | * the audience to access the set of provided attributes. | ||
1643 | * | ||
1644 | * @param identity the issuer | ||
1645 | * @param attrs the attributes to share | ||
1646 | * @param audience the audience to share the attributes with | ||
1647 | * @param cb the callback to call with the ticket result | ||
1648 | * @param cb_cls the callback closure | ||
1649 | * FIXME: Return handle?? | ||
1650 | */ | ||
1651 | void | ||
1652 | RECLAIM_TICKETS_issue (const struct GNUNET_CRYPTO_PrivateKey *identity, | ||
1653 | const struct GNUNET_RECLAIM_AttributeList *attrs, | ||
1654 | const struct GNUNET_CRYPTO_PublicKey *audience, | ||
1655 | RECLAIM_TICKETS_TicketResult cb, | ||
1656 | void *cb_cls) | ||
1657 | { | ||
1658 | struct TicketIssueHandle *tih; | ||
1659 | |||
1660 | tih = GNUNET_new (struct TicketIssueHandle); | ||
1661 | tih->cb = cb; | ||
1662 | tih->cb_cls = cb_cls; | ||
1663 | tih->attrs = GNUNET_RECLAIM_attribute_list_dup (attrs); | ||
1664 | tih->presentations = GNUNET_new (struct GNUNET_RECLAIM_PresentationList); | ||
1665 | tih->identity = *identity; | ||
1666 | tih->ticket.audience = *audience; | ||
1667 | |||
1668 | // First check whether the ticket has already been issued | ||
1669 | tih->ns_it = | ||
1670 | GNUNET_NAMESTORE_zone_iteration_start (nsh, | ||
1671 | &tih->identity, | ||
1672 | &filter_tickets_error_cb, | ||
1673 | tih, | ||
1674 | &filter_tickets_cb, | ||
1675 | tih, | ||
1676 | &filter_tickets_finished_cb, | ||
1677 | tih); | ||
1678 | } | ||
1679 | |||
1680 | |||
1681 | /************************************ | ||
1682 | * Ticket iteration | ||
1683 | ************************************/ | ||
1684 | |||
1685 | /** | ||
1686 | * Cleanup ticket iterator | ||
1687 | * | ||
1688 | * @param iter handle to the iteration | ||
1689 | */ | ||
1690 | static void | ||
1691 | cleanup_iter (struct RECLAIM_TICKETS_Iterator *iter) | ||
1692 | { | ||
1693 | if (NULL != iter->ns_it) | ||
1694 | GNUNET_NAMESTORE_zone_iteration_stop (iter->ns_it); | ||
1695 | GNUNET_free (iter); | ||
1696 | } | ||
1697 | |||
1698 | |||
1699 | /** | ||
1700 | * Return each record of type #GNUNET_GNSRECORD_TYPE_RECLAIM_TICKET | ||
1701 | * to the caller and proceed with the iteration. | ||
1702 | * FIXME: Should we _not_ proceed automatically here? | ||
1703 | * | ||
1704 | * @param cls handle to the iteration | ||
1705 | * @param zone the ticket issuer | ||
1706 | * @param label the ticket rnd | ||
1707 | * @param rd_count number of records in record set | ||
1708 | * @param rd record set containing a ticket | ||
1709 | */ | ||
1710 | static void | ||
1711 | collect_tickets_cb (void *cls, | ||
1712 | const struct GNUNET_CRYPTO_PrivateKey *zone, | ||
1713 | const char *label, | ||
1714 | unsigned int rd_count, | ||
1715 | const struct GNUNET_GNSRECORD_Data *rd) | ||
1716 | { | ||
1717 | struct RECLAIM_TICKETS_Iterator *iter = cls; | ||
1718 | struct GNUNET_RECLAIM_Ticket ticket; | ||
1719 | size_t read; | ||
1720 | |||
1721 | for (int i = 0; i < rd_count; i++) | ||
1722 | { | ||
1723 | if (GNUNET_GNSRECORD_TYPE_RECLAIM_TICKET != rd[i].record_type) | ||
1724 | continue; | ||
1725 | if ((GNUNET_SYSERR == | ||
1726 | GNUNET_RECLAIM_read_ticket_from_buffer (rd[i].data, | ||
1727 | rd[i].data_size, | ||
1728 | &ticket, | ||
1729 | &read)) || | ||
1730 | (read != rd[i].data_size)) | ||
1731 | { | ||
1732 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1733 | "Failed to deserialize ticket from record\n"); | ||
1734 | continue; | ||
1735 | } | ||
1736 | iter->cb (iter->cb_cls, &ticket); | ||
1737 | return; | ||
1738 | } | ||
1739 | GNUNET_NAMESTORE_zone_iterator_next (iter->ns_it, 1); | ||
1740 | } | ||
1741 | |||
1742 | |||
1743 | /** | ||
1744 | * Signal ticket iteration has finished | ||
1745 | * | ||
1746 | * @param cls handle to the iteration | ||
1747 | */ | ||
1748 | static void | ||
1749 | collect_tickets_finished_cb (void *cls) | ||
1750 | { | ||
1751 | struct RECLAIM_TICKETS_Iterator *iter = cls; | ||
1752 | |||
1753 | iter->ns_it = NULL; | ||
1754 | iter->cb (iter->cb_cls, NULL); | ||
1755 | cleanup_iter (iter); | ||
1756 | } | ||
1757 | |||
1758 | |||
1759 | /** | ||
1760 | * Cancel ticket iteration on namestore error | ||
1761 | * | ||
1762 | * @param cls the iteration handle | ||
1763 | */ | ||
1764 | static void | ||
1765 | collect_tickets_error_cb (void *cls) | ||
1766 | { | ||
1767 | struct RECLAIM_TICKETS_Iterator *iter = cls; | ||
1768 | |||
1769 | iter->ns_it = NULL; | ||
1770 | iter->cb (iter->cb_cls, NULL); | ||
1771 | cleanup_iter (iter); | ||
1772 | } | ||
1773 | |||
1774 | |||
1775 | /** | ||
1776 | * Continue ticket iteration | ||
1777 | * | ||
1778 | * @param iter the iteration to continue | ||
1779 | */ | ||
1780 | void | ||
1781 | RECLAIM_TICKETS_iteration_next (struct RECLAIM_TICKETS_Iterator *iter) | ||
1782 | { | ||
1783 | GNUNET_NAMESTORE_zone_iterator_next (iter->ns_it, 1); | ||
1784 | } | ||
1785 | |||
1786 | |||
1787 | /** | ||
1788 | * Stop a running ticket iteration | ||
1789 | * | ||
1790 | * @param iter iteration to cancel | ||
1791 | */ | ||
1792 | void | ||
1793 | RECLAIM_TICKETS_iteration_stop (struct RECLAIM_TICKETS_Iterator *iter) | ||
1794 | { | ||
1795 | GNUNET_NAMESTORE_zone_iteration_stop (iter->ns_it); | ||
1796 | cleanup_iter (iter); | ||
1797 | } | ||
1798 | |||
1799 | |||
1800 | /** | ||
1801 | * Iterate over all tickets issued by an identity | ||
1802 | * | ||
1803 | * @param identity the issuing identity | ||
1804 | * @param cb ticket callback function | ||
1805 | * @param cb_cls callback closure | ||
1806 | * @return a handle to the iteration | ||
1807 | */ | ||
1808 | struct RECLAIM_TICKETS_Iterator * | ||
1809 | RECLAIM_TICKETS_iteration_start ( | ||
1810 | const struct GNUNET_CRYPTO_PrivateKey *identity, | ||
1811 | RECLAIM_TICKETS_TicketIter cb, | ||
1812 | void *cb_cls) | ||
1813 | { | ||
1814 | struct RECLAIM_TICKETS_Iterator *iter; | ||
1815 | |||
1816 | iter = GNUNET_new (struct RECLAIM_TICKETS_Iterator); | ||
1817 | iter->cb = cb; | ||
1818 | iter->cb_cls = cb_cls; | ||
1819 | iter->ns_it = | ||
1820 | GNUNET_NAMESTORE_zone_iteration_start (nsh, | ||
1821 | identity, | ||
1822 | &collect_tickets_error_cb, | ||
1823 | iter, | ||
1824 | &collect_tickets_cb, | ||
1825 | iter, | ||
1826 | &collect_tickets_finished_cb, | ||
1827 | iter); | ||
1828 | return iter; | ||
1829 | } | ||
1830 | |||
1831 | |||
1832 | /** | ||
1833 | * Initialize tickets component | ||
1834 | * | ||
1835 | * @param c the configuration | ||
1836 | * @return GNUNET_SYSERR on error | ||
1837 | */ | ||
1838 | int | ||
1839 | RECLAIM_TICKETS_init (const struct GNUNET_CONFIGURATION_Handle *c) | ||
1840 | { | ||
1841 | // Get ticket expiration time (relative) from config | ||
1842 | if (GNUNET_OK == | ||
1843 | GNUNET_CONFIGURATION_get_value_time (c, | ||
1844 | "reclaim", | ||
1845 | "TICKET_REFRESH_INTERVAL", | ||
1846 | &ticket_refresh_interval)) | ||
1847 | { | ||
1848 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1849 | "Configured refresh interval for tickets: %s\n", | ||
1850 | GNUNET_STRINGS_relative_time_to_string (ticket_refresh_interval, | ||
1851 | GNUNET_YES)); | ||
1852 | } | ||
1853 | else | ||
1854 | { | ||
1855 | ticket_refresh_interval = DEFAULT_TICKET_REFRESH_INTERVAL; | ||
1856 | } | ||
1857 | // Connect to identity and namestore services | ||
1858 | nsh = GNUNET_NAMESTORE_connect (c); | ||
1859 | if (NULL == nsh) | ||
1860 | { | ||
1861 | GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, | ||
1862 | "error connecting to namestore"); | ||
1863 | return GNUNET_SYSERR; | ||
1864 | } | ||
1865 | gns = GNUNET_GNS_connect (c); | ||
1866 | if (NULL == gns) | ||
1867 | { | ||
1868 | GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, "error connecting to gns"); | ||
1869 | return GNUNET_SYSERR; | ||
1870 | } | ||
1871 | stats = GNUNET_STATISTICS_create ("reclaim", c); | ||
1872 | return GNUNET_OK; | ||
1873 | } | ||
1874 | |||
1875 | |||
1876 | /** | ||
1877 | * Close handles and clean up. | ||
1878 | * FIXME: cancel all pending operations (gns, ns etc) | ||
1879 | */ | ||
1880 | void | ||
1881 | RECLAIM_TICKETS_deinit (void) | ||
1882 | { | ||
1883 | if (NULL != nsh) | ||
1884 | GNUNET_NAMESTORE_disconnect (nsh); | ||
1885 | nsh = NULL; | ||
1886 | if (NULL != gns) | ||
1887 | GNUNET_GNS_disconnect (gns); | ||
1888 | gns = NULL; | ||
1889 | if (NULL != stats) | ||
1890 | { | ||
1891 | GNUNET_STATISTICS_destroy (stats, GNUNET_NO); | ||
1892 | stats = NULL; | ||
1893 | } | ||
1894 | } | ||
diff --git a/src/reclaim/gnunet-service-reclaim_tickets.h b/src/reclaim/gnunet-service-reclaim_tickets.h deleted file mode 100644 index 0ec232f49..000000000 --- a/src/reclaim/gnunet-service-reclaim_tickets.h +++ /dev/null | |||
@@ -1,280 +0,0 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet. | ||
3 | Copyright (C) 2012-2015 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software: you can redistribute it and/or modify it | ||
6 | under the terms of the GNU Affero General Public License as published | ||
7 | by the Free Software Foundation, either version 3 of the License, | ||
8 | or (at your option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | Affero General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU Affero General Public License | ||
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
17 | |||
18 | SPDX-License-Identifier: AGPL3.0-or-later | ||
19 | */ | ||
20 | |||
21 | /** | ||
22 | * @author Martin Schanzenbach | ||
23 | * @file src/reclaim/gnunet-service-reclaim_tickets.h | ||
24 | * @brief reclaim tickets | ||
25 | * | ||
26 | */ | ||
27 | |||
28 | #ifndef GNUNET_SERVICE_RECLAIM_TICKETS_H | ||
29 | #define GNUNET_SERVICE_RECLAIM_TICKETS_H | ||
30 | |||
31 | #include "platform.h" | ||
32 | |||
33 | #include "gnunet_util_lib.h" | ||
34 | |||
35 | #include "gnunet_constants.h" | ||
36 | #include "gnunet_gns_service.h" | ||
37 | #include "gnunet_gnsrecord_lib.h" | ||
38 | #include "gnunet_protocols.h" | ||
39 | #include "gnunet_reclaim_lib.h" | ||
40 | #include "gnunet_reclaim_service.h" | ||
41 | #include "gnunet_signatures.h" | ||
42 | #include "gnunet_statistics_service.h" | ||
43 | #include "reclaim.h" | ||
44 | |||
45 | /** | ||
46 | * Ticket iterator | ||
47 | */ | ||
48 | struct RECLAIM_TICKETS_Iterator; | ||
49 | |||
50 | |||
51 | /** | ||
52 | * Handle to a consume operation | ||
53 | */ | ||
54 | struct RECLAIM_TICKETS_ConsumeHandle; | ||
55 | |||
56 | |||
57 | /** | ||
58 | * Ticket revocation request handle | ||
59 | */ | ||
60 | struct RECLAIM_TICKETS_RevokeHandle; | ||
61 | |||
62 | |||
63 | /** | ||
64 | * List of tickets | ||
65 | */ | ||
66 | struct TicketRecordsEntry | ||
67 | { | ||
68 | /** | ||
69 | * DLL | ||
70 | */ | ||
71 | struct TicketRecordsEntry *next; | ||
72 | |||
73 | /** | ||
74 | * DLL | ||
75 | */ | ||
76 | struct TicketRecordsEntry *prev; | ||
77 | |||
78 | /** | ||
79 | * Record count | ||
80 | */ | ||
81 | unsigned int rd_count; | ||
82 | |||
83 | /** | ||
84 | * Data | ||
85 | */ | ||
86 | char *data; | ||
87 | |||
88 | /** | ||
89 | * Data size | ||
90 | */ | ||
91 | size_t data_size; | ||
92 | |||
93 | /** | ||
94 | * Label | ||
95 | */ | ||
96 | char *label; | ||
97 | }; | ||
98 | |||
99 | |||
100 | /** | ||
101 | * Continuation called with ticket. | ||
102 | * | ||
103 | * @param cls closure | ||
104 | * @param ticket the ticket | ||
105 | */ | ||
106 | typedef void (*RECLAIM_TICKETS_TicketIter) ( | ||
107 | void *cls, | ||
108 | struct GNUNET_RECLAIM_Ticket *ticket); | ||
109 | |||
110 | |||
111 | /** | ||
112 | * Continuation called with ticket. | ||
113 | * | ||
114 | * @param cls closure | ||
115 | * @param ticket the ticket | ||
116 | * @param presentations new presentations for ticket (NULL on error) | ||
117 | * @param success #GNUNET_SYSERR on failure (including timeout/queue | ||
118 | * drop/failure to validate) #GNUNET_OK on success | ||
119 | * @param emsg NULL on success, otherwise an error message | ||
120 | */ | ||
121 | typedef void (*RECLAIM_TICKETS_TicketResult) ( | ||
122 | void *cls, | ||
123 | struct GNUNET_RECLAIM_Ticket *ticket, | ||
124 | struct GNUNET_RECLAIM_PresentationList *presentations, | ||
125 | int32_t success, | ||
126 | const char *emsg); | ||
127 | |||
128 | |||
129 | /** | ||
130 | * Consume callback. | ||
131 | * | ||
132 | * @param cls closure | ||
133 | * @param identity the issuer of the ticket/attributes | ||
134 | * @param attributes attribute list retrieved through ticket | ||
135 | * @param presentations attribute presentations (may be NULL) | ||
136 | * @param success GNUNET_OK on success | ||
137 | * @param emsg error message (NULL on success) | ||
138 | */ | ||
139 | typedef void (*RECLAIM_TICKETS_ConsumeCallback) ( | ||
140 | void *cls, | ||
141 | const struct GNUNET_CRYPTO_PublicKey *identity, | ||
142 | const struct GNUNET_RECLAIM_AttributeList *attributes, | ||
143 | const struct GNUNET_RECLAIM_PresentationList *presentations, | ||
144 | int32_t success, | ||
145 | const char *emsg); | ||
146 | |||
147 | |||
148 | /** | ||
149 | * Revocation callback. | ||
150 | * | ||
151 | * @param cls closure | ||
152 | * @param success GNUNET_OK on success | ||
153 | */ | ||
154 | typedef void (*RECLAIM_TICKETS_RevokeCallback) (void *cls, int32_t success); | ||
155 | |||
156 | |||
157 | /** | ||
158 | * Revoke a ticket. | ||
159 | * We start by looking up attribute references in order | ||
160 | * to change attribute IDs. | ||
161 | * | ||
162 | * @param ticket ticket to revoke | ||
163 | * @param identity private key of issuer | ||
164 | * @param cb revocation status callback | ||
165 | * @param cb_cls callback closure | ||
166 | * @return handle to the operation | ||
167 | */ | ||
168 | struct RECLAIM_TICKETS_RevokeHandle * | ||
169 | RECLAIM_TICKETS_revoke (const struct GNUNET_RECLAIM_Ticket *ticket, | ||
170 | const struct GNUNET_CRYPTO_PrivateKey *identity, | ||
171 | RECLAIM_TICKETS_RevokeCallback cb, | ||
172 | void *cb_cls); | ||
173 | |||
174 | |||
175 | /** | ||
176 | * Cancel a revocation. | ||
177 | * | ||
178 | * @param rh handle to the operation | ||
179 | */ | ||
180 | void | ||
181 | RECLAIM_TICKETS_revoke_cancel (struct RECLAIM_TICKETS_RevokeHandle *rh); | ||
182 | |||
183 | |||
184 | /** | ||
185 | * Consume a ticket. | ||
186 | * We first looking attribute references under the label | ||
187 | * ticket.rnd in GNS. | ||
188 | * | ||
189 | * @param id the audience of the ticket | ||
190 | * @param ticket the ticket to consume | ||
191 | * @param cb callback to call with attributes of ticket | ||
192 | * @param cb_cls callback closure | ||
193 | * @return handle to the operation | ||
194 | */ | ||
195 | struct RECLAIM_TICKETS_ConsumeHandle * | ||
196 | RECLAIM_TICKETS_consume (const struct GNUNET_CRYPTO_PrivateKey *id, | ||
197 | const struct GNUNET_RECLAIM_Ticket *ticket, | ||
198 | RECLAIM_TICKETS_ConsumeCallback cb, | ||
199 | void *cb_cls); | ||
200 | |||
201 | |||
202 | /** | ||
203 | * Cancel a consume operation | ||
204 | * | ||
205 | * @param cth the operation to cancel | ||
206 | */ | ||
207 | void | ||
208 | RECLAIM_TICKETS_consume_cancel (struct RECLAIM_TICKETS_ConsumeHandle *cth); | ||
209 | |||
210 | |||
211 | /** | ||
212 | * Issue a new reclaim ticket, thereby authorizing | ||
213 | * the audience to access the set of provided attributes. | ||
214 | * | ||
215 | * @param identity the issuer | ||
216 | * @param attrs the attributes to share | ||
217 | * @param audience the audience to share the attributes with | ||
218 | * @param cb the callback to call with the ticket result | ||
219 | * @param cb_cls the callback closure | ||
220 | * FIXME: Return handle?? | ||
221 | */ | ||
222 | void | ||
223 | RECLAIM_TICKETS_issue (const struct GNUNET_CRYPTO_PrivateKey *identity, | ||
224 | const struct GNUNET_RECLAIM_AttributeList *attrs, | ||
225 | const struct GNUNET_CRYPTO_PublicKey *audience, | ||
226 | RECLAIM_TICKETS_TicketResult cb, | ||
227 | void *cb_cls); | ||
228 | |||
229 | |||
230 | /** | ||
231 | * Continue ticket iteration | ||
232 | * | ||
233 | * @param iter the iteration to continue | ||
234 | */ | ||
235 | void | ||
236 | RECLAIM_TICKETS_iteration_next (struct RECLAIM_TICKETS_Iterator *iter); | ||
237 | |||
238 | |||
239 | /** | ||
240 | * Stop a running ticket iteration | ||
241 | * | ||
242 | * @param iter iteration to cancel | ||
243 | */ | ||
244 | void | ||
245 | RECLAIM_TICKETS_iteration_stop (struct RECLAIM_TICKETS_Iterator *iter); | ||
246 | |||
247 | |||
248 | /** | ||
249 | * Iterate over all tickets issued by an identity | ||
250 | * | ||
251 | * @param identity the issuing identity | ||
252 | * @param cb ticket callback function | ||
253 | * @param cb_cls callback closure | ||
254 | * @return a handle to the iteration | ||
255 | */ | ||
256 | struct RECLAIM_TICKETS_Iterator * | ||
257 | RECLAIM_TICKETS_iteration_start ( | ||
258 | const struct GNUNET_CRYPTO_PrivateKey *identity, | ||
259 | RECLAIM_TICKETS_TicketIter cb, | ||
260 | void *cb_cls); | ||
261 | |||
262 | |||
263 | /** | ||
264 | * Initialize tickets component | ||
265 | * | ||
266 | * @param c the configuration | ||
267 | * @return GNUNET_SYSERR on error | ||
268 | */ | ||
269 | int | ||
270 | RECLAIM_TICKETS_init (const struct GNUNET_CONFIGURATION_Handle *c); | ||
271 | |||
272 | |||
273 | /** | ||
274 | * Close handles and clean up. | ||
275 | * FIXME: cancel all pending operations (gns, ns etc) | ||
276 | */ | ||
277 | void | ||
278 | RECLAIM_TICKETS_deinit (void); | ||
279 | |||
280 | #endif | ||
diff --git a/src/reclaim/json_reclaim.c b/src/reclaim/json_reclaim.c deleted file mode 100644 index b1ca7a4a5..000000000 --- a/src/reclaim/json_reclaim.c +++ /dev/null | |||
@@ -1,398 +0,0 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet. | ||
3 | Copyright (C) 2009-2018 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software: you can redistribute it and/or modify it | ||
6 | under the terms of the GNU Affero General Public License as published | ||
7 | by the Free Software Foundation, either version 3 of the License, | ||
8 | or (at your option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | Affero General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU Affero General Public License | ||
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
17 | |||
18 | SPDX-License-Identifier: AGPL3.0-or-later | ||
19 | */ | ||
20 | |||
21 | /** | ||
22 | * @file rest-plugins/json_reclaim.c | ||
23 | * @brief JSON handling of reclaim data | ||
24 | * @author Martin Schanzenbach | ||
25 | */ | ||
26 | #include "platform.h" | ||
27 | #include "gnunet_util_lib.h" | ||
28 | #include "gnunet_json_lib.h" | ||
29 | #include "gnunet_reclaim_lib.h" | ||
30 | #include "gnunet_reclaim_service.h" | ||
31 | |||
32 | |||
33 | /** | ||
34 | * Parse given JSON object to a claim | ||
35 | * | ||
36 | * @param cls closure, NULL | ||
37 | * @param root the json object representing data | ||
38 | * @param spec where to write the data | ||
39 | * @return #GNUNET_OK upon successful parsing; #GNUNET_SYSERR upon error | ||
40 | */ | ||
41 | static int | ||
42 | parse_attr (void *cls, json_t *root, struct GNUNET_JSON_Specification *spec) | ||
43 | { | ||
44 | struct GNUNET_RECLAIM_Attribute *attr; | ||
45 | const char *name_str = NULL; | ||
46 | const char *val_str = NULL; | ||
47 | const char *type_str = NULL; | ||
48 | const char *id_str = NULL; | ||
49 | const char *cred_str = NULL; | ||
50 | const char *flag_str = NULL; | ||
51 | char *data; | ||
52 | int unpack_state; | ||
53 | uint32_t type; | ||
54 | size_t data_size; | ||
55 | |||
56 | GNUNET_assert (NULL != root); | ||
57 | |||
58 | if (! json_is_object (root)) | ||
59 | { | ||
60 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
61 | "Error json is not array nor object!\n"); | ||
62 | return GNUNET_SYSERR; | ||
63 | } | ||
64 | // interpret single attribute | ||
65 | unpack_state = json_unpack (root, | ||
66 | "{s:s, s?s, s?s, s:s, s:s, s?s!}", | ||
67 | "name", | ||
68 | &name_str, | ||
69 | "id", | ||
70 | &id_str, | ||
71 | "credential", | ||
72 | &cred_str, | ||
73 | "type", | ||
74 | &type_str, | ||
75 | "value", | ||
76 | &val_str, | ||
77 | "flag", | ||
78 | &flag_str); | ||
79 | if ((0 != unpack_state) || (NULL == name_str) || (NULL == val_str) || | ||
80 | (NULL == type_str)) | ||
81 | { | ||
82 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
83 | "Error json object has a wrong format!\n"); | ||
84 | return GNUNET_SYSERR; | ||
85 | } | ||
86 | type = GNUNET_RECLAIM_attribute_typename_to_number (type_str); | ||
87 | if (GNUNET_SYSERR == | ||
88 | (GNUNET_RECLAIM_attribute_string_to_value (type, | ||
89 | val_str, | ||
90 | (void **) &data, | ||
91 | &data_size))) | ||
92 | { | ||
93 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Attribute value invalid!\n"); | ||
94 | return GNUNET_SYSERR; | ||
95 | } | ||
96 | attr = GNUNET_RECLAIM_attribute_new (name_str, NULL, | ||
97 | type, data, data_size); | ||
98 | GNUNET_free (data); | ||
99 | if ((NULL != cred_str) && (0 != strlen (cred_str))) | ||
100 | { | ||
101 | GNUNET_STRINGS_string_to_data (cred_str, | ||
102 | strlen (cred_str), | ||
103 | &attr->credential, | ||
104 | sizeof(attr->credential)); | ||
105 | } | ||
106 | if ((NULL == id_str) || (0 == strlen (id_str))) | ||
107 | memset (&attr->id, 0, sizeof (attr->id)); | ||
108 | else | ||
109 | GNUNET_STRINGS_string_to_data (id_str, | ||
110 | strlen (id_str), | ||
111 | &attr->id, | ||
112 | sizeof(attr->id)); | ||
113 | |||
114 | *(struct GNUNET_RECLAIM_Attribute **) spec->ptr = attr; | ||
115 | return GNUNET_OK; | ||
116 | } | ||
117 | |||
118 | |||
119 | /** | ||
120 | * Cleanup data left from parsing RSA public key. | ||
121 | * | ||
122 | * @param cls closure, NULL | ||
123 | * @param[out] spec where to free the data | ||
124 | */ | ||
125 | static void | ||
126 | clean_attr (void *cls, struct GNUNET_JSON_Specification *spec) | ||
127 | { | ||
128 | struct GNUNET_RECLAIM_Attribute **attr; | ||
129 | |||
130 | attr = (struct GNUNET_RECLAIM_Attribute **) spec->ptr; | ||
131 | if (NULL != *attr) | ||
132 | { | ||
133 | GNUNET_free (*attr); | ||
134 | *attr = NULL; | ||
135 | } | ||
136 | } | ||
137 | |||
138 | |||
139 | /** | ||
140 | * JSON Specification for Reclaim claims. | ||
141 | * | ||
142 | * @param ticket struct of GNUNET_RECLAIM_Attribute to fill | ||
143 | * @return JSON Specification | ||
144 | */ | ||
145 | struct GNUNET_JSON_Specification | ||
146 | GNUNET_RECLAIM_JSON_spec_attribute (struct GNUNET_RECLAIM_Attribute **attr) | ||
147 | { | ||
148 | struct GNUNET_JSON_Specification ret = { .parser = &parse_attr, | ||
149 | .cleaner = &clean_attr, | ||
150 | .cls = NULL, | ||
151 | .field = NULL, | ||
152 | .ptr = attr, | ||
153 | .ptr_size = 0, | ||
154 | .size_ptr = NULL }; | ||
155 | |||
156 | *attr = NULL; | ||
157 | return ret; | ||
158 | } | ||
159 | |||
160 | |||
161 | /** | ||
162 | * Parse given JSON object to a ticket | ||
163 | * | ||
164 | * @param cls closure, NULL | ||
165 | * @param root the json object representing data | ||
166 | * @param spec where to write the data | ||
167 | * @return #GNUNET_OK upon successful parsing; #GNUNET_SYSERR upon error | ||
168 | */ | ||
169 | static int | ||
170 | parse_ticket (void *cls, json_t *root, struct GNUNET_JSON_Specification *spec) | ||
171 | { | ||
172 | struct GNUNET_RECLAIM_Ticket *ticket; | ||
173 | const char *rnd_str; | ||
174 | const char *aud_str; | ||
175 | const char *id_str; | ||
176 | int unpack_state; | ||
177 | |||
178 | GNUNET_assert (NULL != root); | ||
179 | |||
180 | if (! json_is_object (root)) | ||
181 | { | ||
182 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
183 | "Error json is not array nor object!\n"); | ||
184 | return GNUNET_SYSERR; | ||
185 | } | ||
186 | // interpret single ticket | ||
187 | unpack_state = json_unpack (root, | ||
188 | "{s:s, s:s, s:s!}", | ||
189 | "rnd", | ||
190 | &rnd_str, | ||
191 | "audience", | ||
192 | &aud_str, | ||
193 | "issuer", | ||
194 | &id_str); | ||
195 | if (0 != unpack_state) | ||
196 | { | ||
197 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
198 | "Error json object has a wrong format!\n"); | ||
199 | return GNUNET_SYSERR; | ||
200 | } | ||
201 | ticket = GNUNET_new (struct GNUNET_RECLAIM_Ticket); | ||
202 | if (GNUNET_OK != GNUNET_STRINGS_string_to_data (rnd_str, | ||
203 | strlen (rnd_str), | ||
204 | &ticket->rnd, | ||
205 | sizeof(ticket->rnd))) | ||
206 | { | ||
207 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Rnd invalid\n"); | ||
208 | GNUNET_free (ticket); | ||
209 | return GNUNET_SYSERR; | ||
210 | } | ||
211 | if (GNUNET_OK != | ||
212 | GNUNET_STRINGS_string_to_data (id_str, | ||
213 | strlen (id_str), | ||
214 | &ticket->identity, | ||
215 | sizeof(ticket->identity))) | ||
216 | { | ||
217 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Identity invalid\n"); | ||
218 | GNUNET_free (ticket); | ||
219 | return GNUNET_SYSERR; | ||
220 | } | ||
221 | |||
222 | if (GNUNET_OK != | ||
223 | GNUNET_STRINGS_string_to_data (aud_str, | ||
224 | strlen (aud_str), | ||
225 | &ticket->audience, | ||
226 | sizeof(ticket->audience))) | ||
227 | { | ||
228 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Audience invalid\n"); | ||
229 | GNUNET_free (ticket); | ||
230 | return GNUNET_SYSERR; | ||
231 | } | ||
232 | |||
233 | *(struct GNUNET_RECLAIM_Ticket **) spec->ptr = ticket; | ||
234 | return GNUNET_OK; | ||
235 | } | ||
236 | |||
237 | |||
238 | /** | ||
239 | * Cleanup data left from parsing RSA public key. | ||
240 | * | ||
241 | * @param cls closure, NULL | ||
242 | * @param[out] spec where to free the data | ||
243 | */ | ||
244 | static void | ||
245 | clean_ticket (void *cls, struct GNUNET_JSON_Specification *spec) | ||
246 | { | ||
247 | struct GNUNET_RECLAIM_Ticket **ticket; | ||
248 | |||
249 | ticket = (struct GNUNET_RECLAIM_Ticket **) spec->ptr; | ||
250 | if (NULL != *ticket) | ||
251 | { | ||
252 | GNUNET_free (*ticket); | ||
253 | *ticket = NULL; | ||
254 | } | ||
255 | } | ||
256 | |||
257 | |||
258 | /** | ||
259 | * JSON Specification for Reclaim tickets. | ||
260 | * | ||
261 | * @param ticket struct of GNUNET_RECLAIM_Ticket to fill | ||
262 | * @return JSON Specification | ||
263 | */ | ||
264 | struct GNUNET_JSON_Specification | ||
265 | GNUNET_RECLAIM_JSON_spec_ticket (struct GNUNET_RECLAIM_Ticket **ticket) | ||
266 | { | ||
267 | struct GNUNET_JSON_Specification ret = { .parser = &parse_ticket, | ||
268 | .cleaner = &clean_ticket, | ||
269 | .cls = NULL, | ||
270 | .field = NULL, | ||
271 | .ptr = ticket, | ||
272 | .ptr_size = 0, | ||
273 | .size_ptr = NULL }; | ||
274 | |||
275 | *ticket = NULL; | ||
276 | return ret; | ||
277 | } | ||
278 | |||
279 | |||
280 | /** | ||
281 | * Parse given JSON object to a credential claim | ||
282 | * | ||
283 | * @param cls closure, NULL | ||
284 | * @param root the json object representing data | ||
285 | * @param spec where to write the data | ||
286 | * @return #GNUNET_OK upon successful parsing; #GNUNET_SYSERR upon error | ||
287 | */ | ||
288 | static int | ||
289 | parse_credential (void *cls, json_t *root, struct GNUNET_JSON_Specification *spec) | ||
290 | { | ||
291 | struct GNUNET_RECLAIM_Credential *cred; | ||
292 | const char *name_str = NULL; | ||
293 | const char *type_str = NULL; | ||
294 | const char *id_str = NULL; | ||
295 | json_t *val_json; | ||
296 | char *data = NULL; | ||
297 | char *val_str = NULL; | ||
298 | int unpack_state; | ||
299 | uint32_t type; | ||
300 | size_t data_size; | ||
301 | |||
302 | GNUNET_assert (NULL != root); | ||
303 | |||
304 | if (! json_is_object (root)) | ||
305 | { | ||
306 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
307 | "Error json is not array nor object!\n"); | ||
308 | return GNUNET_SYSERR; | ||
309 | } | ||
310 | // interpret single attribute | ||
311 | unpack_state = json_unpack (root, | ||
312 | "{s:s, s?s, s:s, s:o!}", | ||
313 | "name", | ||
314 | &name_str, | ||
315 | "id", | ||
316 | &id_str, | ||
317 | "type", | ||
318 | &type_str, | ||
319 | "value", | ||
320 | &val_json); | ||
321 | if ((0 != unpack_state) || (NULL == name_str) || (NULL == val_json) || | ||
322 | (NULL == type_str)) | ||
323 | { | ||
324 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
325 | "Error json object has a wrong format!\n"); | ||
326 | return GNUNET_SYSERR; | ||
327 | } | ||
328 | if (json_is_string (val_json)) { | ||
329 | val_str = GNUNET_strdup (json_string_value (val_json)); | ||
330 | } else { | ||
331 | val_str = json_dumps (val_json, JSON_COMPACT); | ||
332 | } | ||
333 | type = GNUNET_RECLAIM_credential_typename_to_number (type_str); | ||
334 | if (GNUNET_SYSERR == | ||
335 | (GNUNET_RECLAIM_credential_string_to_value (type, | ||
336 | val_str, | ||
337 | (void **) &data, | ||
338 | &data_size))) | ||
339 | { | ||
340 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Credential value invalid!\n"); | ||
341 | return GNUNET_SYSERR; | ||
342 | } | ||
343 | cred = GNUNET_RECLAIM_credential_new (name_str, type, data, data_size); | ||
344 | GNUNET_free (data); | ||
345 | if ((NULL == id_str) || (0 == strlen (id_str))) | ||
346 | memset (&cred->id, 0, sizeof (cred->id)); | ||
347 | else | ||
348 | GNUNET_STRINGS_string_to_data (id_str, | ||
349 | strlen (id_str), | ||
350 | &cred->id, | ||
351 | sizeof(cred->id)); | ||
352 | |||
353 | *(struct GNUNET_RECLAIM_Credential **) spec->ptr = cred; | ||
354 | return GNUNET_OK; | ||
355 | } | ||
356 | |||
357 | |||
358 | /** | ||
359 | * Cleanup data left from parsing RSA public key. | ||
360 | * | ||
361 | * @param cls closure, NULL | ||
362 | * @param[out] spec where to free the data | ||
363 | */ | ||
364 | static void | ||
365 | clean_credential (void *cls, struct GNUNET_JSON_Specification *spec) | ||
366 | { | ||
367 | struct GNUNET_RECLAIM_Credential **attr; | ||
368 | |||
369 | attr = (struct GNUNET_RECLAIM_Credential **) spec->ptr; | ||
370 | if (NULL != *attr) | ||
371 | { | ||
372 | GNUNET_free (*attr); | ||
373 | *attr = NULL; | ||
374 | } | ||
375 | } | ||
376 | |||
377 | |||
378 | /** | ||
379 | * JSON Specification for credential claims. | ||
380 | * | ||
381 | * @param attr struct of GNUNET_RECLAIM_Credential to fill | ||
382 | * @return JSON Specification | ||
383 | */ | ||
384 | struct GNUNET_JSON_Specification | ||
385 | GNUNET_RECLAIM_JSON_spec_credential (struct | ||
386 | GNUNET_RECLAIM_Credential **cred) | ||
387 | { | ||
388 | struct GNUNET_JSON_Specification ret = { .parser = &parse_credential, | ||
389 | .cleaner = &clean_credential, | ||
390 | .cls = NULL, | ||
391 | .field = NULL, | ||
392 | .ptr = cred, | ||
393 | .ptr_size = 0, | ||
394 | .size_ptr = NULL }; | ||
395 | |||
396 | *cred = NULL; | ||
397 | return ret; | ||
398 | } | ||
diff --git a/src/reclaim/json_reclaim.h b/src/reclaim/json_reclaim.h deleted file mode 100644 index 613ddf873..000000000 --- a/src/reclaim/json_reclaim.h +++ /dev/null | |||
@@ -1,57 +0,0 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet. | ||
3 | Copyright (C) 2009-2018 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software: you can redistribute it and/or modify it | ||
6 | under the terms of the GNU Affero General Public License as published | ||
7 | by the Free Software Foundation, either version 3 of the License, | ||
8 | or (at your option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | Affero General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU Affero General Public License | ||
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
17 | |||
18 | SPDX-License-Identifier: AGPL3.0-or-later | ||
19 | */ | ||
20 | |||
21 | /** | ||
22 | * @file rest-plugins/json_reclaim.h | ||
23 | * @brief JSON handling of reclaim data | ||
24 | * @author Martin Schanzenbach | ||
25 | */ | ||
26 | #include "platform.h" | ||
27 | #include "gnunet_util_lib.h" | ||
28 | #include "gnunet_json_lib.h" | ||
29 | #include "gnunet_reclaim_service.h" | ||
30 | #include "gnunet_reclaim_lib.h" | ||
31 | |||
32 | /** | ||
33 | * JSON Specification for Reclaim claims. | ||
34 | * | ||
35 | * @param attr struct of GNUNET_RECLAIM_Attribute to fill | ||
36 | * @return JSON Specification | ||
37 | */ | ||
38 | struct GNUNET_JSON_Specification | ||
39 | GNUNET_RECLAIM_JSON_spec_attribute (struct GNUNET_RECLAIM_Attribute **attr); | ||
40 | |||
41 | /** | ||
42 | * JSON Specification for Reclaim tickets. | ||
43 | * | ||
44 | * @param ticket struct of GNUNET_RECLAIM_Ticket to fill | ||
45 | * @return JSON Specification | ||
46 | */ | ||
47 | struct GNUNET_JSON_Specification | ||
48 | GNUNET_RECLAIM_JSON_spec_ticket (struct GNUNET_RECLAIM_Ticket **ticket); | ||
49 | |||
50 | /** | ||
51 | * JSON Specification for credentials. | ||
52 | * | ||
53 | * @param cred struct of GNUNET_RECLAIM_Credential to fill | ||
54 | * @return JSON Specification | ||
55 | */ | ||
56 | struct GNUNET_JSON_Specification | ||
57 | GNUNET_RECLAIM_JSON_spec_credential (struct GNUNET_RECLAIM_Credential **cred); | ||
diff --git a/src/reclaim/meson.build b/src/reclaim/meson.build deleted file mode 100644 index fafc68a92..000000000 --- a/src/reclaim/meson.build +++ /dev/null | |||
@@ -1,144 +0,0 @@ | |||
1 | libgnunetreclaim_src = ['reclaim_api.c', | ||
2 | 'reclaim_attribute.c', | ||
3 | 'reclaim_credential.c'] | ||
4 | libgnunetdid_src = ['did_helper.c', | ||
5 | 'did_core.c'] | ||
6 | |||
7 | gnunetservicereclaim_src = ['gnunet-service-reclaim.c', | ||
8 | 'gnunet-service-reclaim_tickets.c'] | ||
9 | |||
10 | configure_file(input : 'reclaim.conf', | ||
11 | output : 'reclaim.conf', | ||
12 | configuration : cdata, | ||
13 | install: true, | ||
14 | install_dir: pkgcfgdir) | ||
15 | |||
16 | |||
17 | if get_option('monolith') | ||
18 | foreach p : libgnunetreclaim_src + gnunetservicereclaim_src | ||
19 | gnunet_src += 'reclaim/' + p | ||
20 | endforeach | ||
21 | subdir_done() | ||
22 | endif | ||
23 | |||
24 | libgnunetreclaim = library('gnunetreclaim', | ||
25 | libgnunetreclaim_src, | ||
26 | soversion: '0', | ||
27 | version: '0.0.0', | ||
28 | dependencies: [libgnunetutil_dep, | ||
29 | libgnunetidentity_dep], | ||
30 | include_directories: [incdir, configuration_inc], | ||
31 | install: true, | ||
32 | install_dir: get_option('libdir')) | ||
33 | libgnunetreclaim_dep = declare_dependency(link_with : libgnunetreclaim) | ||
34 | pkg.generate(libgnunetreclaim, url: 'https://www.gnunet.org', | ||
35 | description : 'Provides API to access reclaimID') | ||
36 | |||
37 | shared_module('gnunet_plugin_gnsrecord_reclaim', | ||
38 | ['plugin_gnsrecord_reclaim.c'], | ||
39 | dependencies: [libgnunetutil_dep, libgnunetgnsrecord_dep], | ||
40 | include_directories: [incdir, configuration_inc], | ||
41 | install: true, | ||
42 | install_dir: get_option('libdir')/'gnunet') | ||
43 | |||
44 | libgnunetdid = library('gnunetdid', | ||
45 | libgnunetdid_src, | ||
46 | soversion: '0', | ||
47 | version: '0.0.0', | ||
48 | dependencies: [libgnunetutil_dep, | ||
49 | libgnunetnamestore_dep, | ||
50 | libgnunetgnsrecord_dep, | ||
51 | libgnunetgns_dep, | ||
52 | json_dep, | ||
53 | libgnunetidentity_dep], | ||
54 | include_directories: [incdir, configuration_inc], | ||
55 | install: true, | ||
56 | install_dir: get_option('libdir')) | ||
57 | libgnunetdid_dep = declare_dependency(link_with : libgnunetdid) | ||
58 | pkg.generate(libgnunetdid, url: 'https://www.gnunet.org', | ||
59 | description : 'Provides API to manipulate DID') | ||
60 | |||
61 | shared_module('gnunet_plugin_rest_reclaim', | ||
62 | ['plugin_rest_reclaim.c', 'json_reclaim.c'], | ||
63 | dependencies: [libgnunetrest_dep, | ||
64 | libgnunetidentity_dep, | ||
65 | libgnunetreclaim_dep, | ||
66 | libgnunetjson_dep, | ||
67 | libgnunetutil_dep, | ||
68 | json_dep, | ||
69 | mhd_dep], | ||
70 | include_directories: [incdir, configuration_inc], | ||
71 | install: true, | ||
72 | install_dir: get_option('libdir') / 'gnunet') | ||
73 | shared_module('gnunet_plugin_reclaim_attribute_basic', | ||
74 | ['plugin_reclaim_attribute_basic.c'], | ||
75 | dependencies: [libgnunetrest_dep, | ||
76 | libgnunetidentity_dep, | ||
77 | libgnunetreclaim_dep, | ||
78 | libgnunetjson_dep, | ||
79 | libgnunetutil_dep, | ||
80 | json_dep], | ||
81 | include_directories: [incdir, configuration_inc], | ||
82 | install: true, | ||
83 | install_dir: get_option('libdir') / 'gnunet') | ||
84 | shared_module('gnunet_plugin_reclaim_credential_jwt', | ||
85 | ['plugin_reclaim_credential_jwt.c'], | ||
86 | dependencies: [libgnunetrest_dep, | ||
87 | libgnunetidentity_dep, | ||
88 | libgnunetreclaim_dep, | ||
89 | libgnunetjson_dep, | ||
90 | libgnunetutil_dep, | ||
91 | json_dep], | ||
92 | include_directories: [incdir, configuration_inc], | ||
93 | install: true, | ||
94 | install_dir: get_option('libdir') / 'gnunet') | ||
95 | |||
96 | |||
97 | shared_module('gnunet_plugin_rest_openid_connect', | ||
98 | ['plugin_rest_openid_connect.c', 'oidc_helper.c'], | ||
99 | dependencies: [libgnunetrest_dep, | ||
100 | libgnunetreclaim_dep, | ||
101 | libgnunetidentity_dep, | ||
102 | libgnunetgns_dep, | ||
103 | libgnunetutil_dep, | ||
104 | jose_dep, | ||
105 | gcrypt_dep, | ||
106 | json_dep, | ||
107 | mhd_dep], | ||
108 | include_directories: [incdir, configuration_inc], | ||
109 | install: true, | ||
110 | install_dir: get_option('libdir') / 'gnunet') | ||
111 | |||
112 | |||
113 | executable ('gnunet-reclaim', | ||
114 | 'gnunet-reclaim.c', | ||
115 | dependencies: [libgnunetreclaim_dep, | ||
116 | libgnunetidentity_dep, | ||
117 | libgnunetutil_dep], | ||
118 | include_directories: [incdir, configuration_inc], | ||
119 | install: true, | ||
120 | install_dir: get_option('bindir')) | ||
121 | executable ('gnunet-did', | ||
122 | 'gnunet-did.c', | ||
123 | dependencies: [libgnunetreclaim_dep, | ||
124 | libgnunetdid_dep, | ||
125 | libgnunetgns_dep, | ||
126 | libgnunetnamestore_dep, | ||
127 | libgnunetidentity_dep, | ||
128 | libgnunetutil_dep], | ||
129 | include_directories: [incdir, configuration_inc], | ||
130 | install: true, | ||
131 | install_dir: get_option('bindir')) | ||
132 | executable ('gnunet-service-reclaim', | ||
133 | gnunetservicereclaim_src, | ||
134 | dependencies: [libgnunetreclaim_dep, | ||
135 | libgnunetutil_dep, | ||
136 | libgnunetstatistics_dep, | ||
137 | libgnunetgnsrecord_dep, | ||
138 | libgnunetgns_dep, | ||
139 | libgnunetidentity_dep, | ||
140 | libgnunetnamestore_dep], | ||
141 | include_directories: [incdir, configuration_inc], | ||
142 | install: true, | ||
143 | install_dir: get_option('libdir') / 'gnunet' / 'libexec') | ||
144 | |||
diff --git a/src/reclaim/oidc_helper.c b/src/reclaim/oidc_helper.c deleted file mode 100644 index a2da7312b..000000000 --- a/src/reclaim/oidc_helper.c +++ /dev/null | |||
@@ -1,1026 +0,0 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet | ||
3 | Copyright (C) 2010-2015 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software: you can redistribute it and/or modify it | ||
6 | under the terms of the GNU Affero General Public License as published | ||
7 | by the Free Software Foundation, either version 3 of the License, | ||
8 | or (at your option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | Affero General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU Affero General Public License | ||
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
17 | |||
18 | SPDX-License-Identifier: AGPL3.0-or-later | ||
19 | */ | ||
20 | |||
21 | /** | ||
22 | * @file reclaim/oidc_helper.c | ||
23 | * @brief helper library for OIDC related functions | ||
24 | * @author Martin Schanzenbach | ||
25 | * @author Tristan Schwieren | ||
26 | */ | ||
27 | #include "platform.h" | ||
28 | #include <inttypes.h> | ||
29 | #include <jansson.h> | ||
30 | #include <jose/jose.h> | ||
31 | #include "gnunet_util_lib.h" | ||
32 | #include "gnunet_reclaim_lib.h" | ||
33 | #include "gnunet_reclaim_service.h" | ||
34 | #include "gnunet_signatures.h" | ||
35 | #include "oidc_helper.h" | ||
36 | // #include "benchmark.h" | ||
37 | #include <gcrypt.h> | ||
38 | |||
39 | GNUNET_NETWORK_STRUCT_BEGIN | ||
40 | |||
41 | /** | ||
42 | * The signature used to generate the authorization code | ||
43 | */ | ||
44 | struct OIDC_Parameters | ||
45 | { | ||
46 | /** | ||
47 | * The reclaim ticket | ||
48 | */ | ||
49 | struct GNUNET_RECLAIM_Ticket ticket; | ||
50 | |||
51 | /** | ||
52 | * The nonce length | ||
53 | */ | ||
54 | uint32_t nonce_len GNUNET_PACKED; | ||
55 | |||
56 | /** | ||
57 | * The length of the PKCE code_challenge | ||
58 | */ | ||
59 | uint32_t code_challenge_len GNUNET_PACKED; | ||
60 | |||
61 | /** | ||
62 | * The length of the attributes list | ||
63 | */ | ||
64 | uint32_t attr_list_len GNUNET_PACKED; | ||
65 | |||
66 | /** | ||
67 | * The length of the presentation list | ||
68 | */ | ||
69 | uint32_t pres_list_len GNUNET_PACKED; | ||
70 | }; | ||
71 | |||
72 | GNUNET_NETWORK_STRUCT_END | ||
73 | |||
74 | /** | ||
75 | * Standard claims represented by the "profile" scope in OIDC | ||
76 | */ | ||
77 | static char OIDC_profile_claims[14][32] = { | ||
78 | "name", "family_name", "given_name", "middle_name", "nickname", | ||
79 | "preferred_username", "profile", "picture", "website", "gender", "birthdate", | ||
80 | "zoneinfo", "locale", "updated_at" | ||
81 | }; | ||
82 | |||
83 | /** | ||
84 | * Standard claims represented by the "email" scope in OIDC | ||
85 | */ | ||
86 | static char OIDC_email_claims[2][16] = { | ||
87 | "email", "email_verified" | ||
88 | }; | ||
89 | |||
90 | /** | ||
91 | * Standard claims represented by the "phone" scope in OIDC | ||
92 | */ | ||
93 | static char OIDC_phone_claims[2][32] = { | ||
94 | "phone_number", "phone_number_verified" | ||
95 | }; | ||
96 | |||
97 | /** | ||
98 | * Standard claims represented by the "address" scope in OIDC | ||
99 | */ | ||
100 | static char OIDC_address_claims[5][32] = { | ||
101 | "street_address", "locality", "region", "postal_code", "country" | ||
102 | }; | ||
103 | |||
104 | static enum GNUNET_GenericReturnValue | ||
105 | is_claim_in_address_scope (const char *claim) | ||
106 | { | ||
107 | int i; | ||
108 | for (i = 0; i < 5; i++) | ||
109 | { | ||
110 | if (0 == strcmp (claim, OIDC_address_claims[i])) | ||
111 | { | ||
112 | return GNUNET_YES; | ||
113 | } | ||
114 | } | ||
115 | return GNUNET_NO; | ||
116 | } | ||
117 | |||
118 | |||
119 | static char * | ||
120 | create_jwt_hmac_header (void) | ||
121 | { | ||
122 | json_t *root; | ||
123 | char *json_str; | ||
124 | |||
125 | root = json_object (); | ||
126 | json_object_set_new (root, JWT_ALG, json_string (JWT_ALG_VALUE_HMAC)); | ||
127 | json_object_set_new (root, JWT_TYP, json_string (JWT_TYP_VALUE)); | ||
128 | |||
129 | json_str = json_dumps (root, JSON_INDENT (0) | JSON_COMPACT); | ||
130 | json_decref (root); | ||
131 | return json_str; | ||
132 | } | ||
133 | |||
134 | |||
135 | static void | ||
136 | replace_char (char *str, char find, char replace) | ||
137 | { | ||
138 | char *current_pos = strchr (str, find); | ||
139 | |||
140 | while (current_pos) | ||
141 | { | ||
142 | *current_pos = replace; | ||
143 | current_pos = strchr (current_pos, find); | ||
144 | } | ||
145 | } | ||
146 | |||
147 | |||
148 | // RFC4648 | ||
149 | static void | ||
150 | fix_base64 (char *str) | ||
151 | { | ||
152 | // Replace + with - | ||
153 | replace_char (str, '+', '-'); | ||
154 | |||
155 | // Replace / with _ | ||
156 | replace_char (str, '/', '_'); | ||
157 | } | ||
158 | |||
159 | |||
160 | static json_t* | ||
161 | generate_userinfo_json (const struct GNUNET_CRYPTO_PublicKey *sub_key, | ||
162 | const struct GNUNET_RECLAIM_AttributeList *attrs, | ||
163 | const struct | ||
164 | GNUNET_RECLAIM_PresentationList *presentations) | ||
165 | { | ||
166 | struct GNUNET_RECLAIM_AttributeListEntry *le; | ||
167 | struct GNUNET_RECLAIM_PresentationListEntry *ple; | ||
168 | char *subject; | ||
169 | char *source_name; | ||
170 | char *attr_val_str; | ||
171 | char *pres_val_str; | ||
172 | json_t *body; | ||
173 | json_t *aggr_names; | ||
174 | json_t *aggr_sources; | ||
175 | json_t *aggr_sources_jwt; | ||
176 | json_t *addr_claim = NULL; | ||
177 | int num_presentations = 0; | ||
178 | for (le = attrs->list_head; NULL != le; le = le->next) | ||
179 | { | ||
180 | if (GNUNET_NO == GNUNET_RECLAIM_id_is_zero (&le->attribute->credential)) | ||
181 | num_presentations++; | ||
182 | } | ||
183 | |||
184 | subject = | ||
185 | GNUNET_STRINGS_data_to_string_alloc (sub_key, | ||
186 | sizeof(struct | ||
187 | GNUNET_CRYPTO_PublicKey)); | ||
188 | body = json_object (); | ||
189 | aggr_names = json_object (); | ||
190 | aggr_sources = json_object (); | ||
191 | |||
192 | // iss REQUIRED case sensitive server uri with https | ||
193 | // The issuer is the local reclaim instance (e.g. | ||
194 | // https://reclaim.id/api/openid) | ||
195 | json_object_set_new (body, "iss", json_string (SERVER_ADDRESS)); | ||
196 | // sub REQUIRED public key identity, not exceed 255 ASCII length | ||
197 | json_object_set_new (body, "sub", json_string (subject)); | ||
198 | GNUNET_free (subject); | ||
199 | pres_val_str = NULL; | ||
200 | source_name = NULL; | ||
201 | int i = 0; | ||
202 | for (ple = presentations->list_head; NULL != ple; ple = ple->next) | ||
203 | { | ||
204 | // New presentation | ||
205 | GNUNET_asprintf (&source_name, | ||
206 | "src%d", | ||
207 | i); | ||
208 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
209 | "Adding new presentation source #%d\n", i); | ||
210 | aggr_sources_jwt = json_object (); | ||
211 | pres_val_str = | ||
212 | GNUNET_RECLAIM_presentation_value_to_string (ple->presentation->type, | ||
213 | ple->presentation->data, | ||
214 | ple->presentation->data_size); | ||
215 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
216 | "Presentation is: %s\n", pres_val_str); | ||
217 | json_object_set_new (aggr_sources_jwt, | ||
218 | GNUNET_RECLAIM_presentation_number_to_typename ( | ||
219 | ple->presentation->type), | ||
220 | json_string (pres_val_str) ); | ||
221 | json_object_set_new (aggr_sources, source_name, aggr_sources_jwt); | ||
222 | GNUNET_free (pres_val_str); | ||
223 | GNUNET_free (source_name); | ||
224 | source_name = NULL; | ||
225 | i++; | ||
226 | } | ||
227 | |||
228 | int addr_is_aggregated = GNUNET_NO; | ||
229 | int addr_is_normal = GNUNET_NO; | ||
230 | for (le = attrs->list_head; NULL != le; le = le->next) | ||
231 | { | ||
232 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
233 | "Processing %s for userinfo body\n", | ||
234 | le->attribute->name); | ||
235 | if (GNUNET_YES == GNUNET_RECLAIM_id_is_zero (&le->attribute->credential)) | ||
236 | { | ||
237 | attr_val_str = | ||
238 | GNUNET_RECLAIM_attribute_value_to_string (le->attribute->type, | ||
239 | le->attribute->data, | ||
240 | le->attribute->data_size); | ||
241 | /** | ||
242 | * There is this weird quirk that the individual address claim(s) must be | ||
243 | * inside a JSON object of the "address" claim. | ||
244 | */ | ||
245 | if (GNUNET_YES == is_claim_in_address_scope (le->attribute->name)) | ||
246 | { | ||
247 | if (GNUNET_YES == addr_is_aggregated) | ||
248 | { | ||
249 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
250 | "Address is set as aggregated claim. Skipping self-issued value...\n"); | ||
251 | GNUNET_free (attr_val_str); | ||
252 | continue; | ||
253 | } | ||
254 | addr_is_normal = GNUNET_YES; | ||
255 | |||
256 | if (NULL == addr_claim) | ||
257 | { | ||
258 | addr_claim = json_object (); | ||
259 | json_object_set_new (body, "address", addr_claim); | ||
260 | } | ||
261 | json_object_set_new (addr_claim, le->attribute->name, | ||
262 | json_string (attr_val_str)); | ||
263 | |||
264 | } | ||
265 | else | ||
266 | { | ||
267 | json_object_set_new (body, le->attribute->name, | ||
268 | json_string (attr_val_str)); | ||
269 | } | ||
270 | GNUNET_free (attr_val_str); | ||
271 | } | ||
272 | else | ||
273 | { | ||
274 | // Check if presentation is there | ||
275 | int j = 0; | ||
276 | for (ple = presentations->list_head; NULL != ple; ple = ple->next) | ||
277 | { | ||
278 | if (GNUNET_YES == | ||
279 | GNUNET_RECLAIM_id_is_equal (&ple->presentation->credential_id, | ||
280 | &le->attribute->credential)) | ||
281 | break; | ||
282 | j++; | ||
283 | } | ||
284 | if (NULL == ple) | ||
285 | { | ||
286 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
287 | "Presentation for `%s' missing...\n", | ||
288 | le->attribute->name); | ||
289 | continue; | ||
290 | } | ||
291 | /** | ||
292 | * There is this weird quirk that the individual address claim(s) must be | ||
293 | * inside a JSON object of the "address" claim. | ||
294 | */ | ||
295 | if (GNUNET_YES == is_claim_in_address_scope (le->attribute->name)) | ||
296 | { | ||
297 | if (GNUNET_YES == addr_is_normal) | ||
298 | { | ||
299 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
300 | "Address is already set as normal claim. Skipping attested value...\n"); | ||
301 | continue; | ||
302 | } | ||
303 | addr_is_aggregated = GNUNET_YES; | ||
304 | /** This is/can only be set once! **/ | ||
305 | if (NULL != addr_claim) | ||
306 | continue; | ||
307 | addr_claim = json_object (); | ||
308 | GNUNET_asprintf (&source_name, | ||
309 | "src%d", | ||
310 | j); | ||
311 | json_object_set_new (aggr_names, "address", | ||
312 | json_string (source_name)); | ||
313 | GNUNET_free (source_name); | ||
314 | } | ||
315 | else | ||
316 | { | ||
317 | // Presentation exists, hence take the respective source str | ||
318 | GNUNET_asprintf (&source_name, | ||
319 | "src%d", | ||
320 | j); | ||
321 | json_object_set_new (aggr_names, le->attribute->name, | ||
322 | json_string (source_name)); | ||
323 | GNUNET_free (source_name); | ||
324 | } | ||
325 | } | ||
326 | } | ||
327 | if (0 != i) | ||
328 | { | ||
329 | json_object_set_new (body, "_claim_names", aggr_names); | ||
330 | json_object_set_new (body, "_claim_sources", aggr_sources); | ||
331 | } | ||
332 | |||
333 | return body; | ||
334 | } | ||
335 | |||
336 | |||
337 | /** | ||
338 | * Generate userinfo JSON as string | ||
339 | * | ||
340 | * @param sub_key the subject (user) | ||
341 | * @param attrs user attribute list | ||
342 | * @param presentations credential presentation list (may be empty) | ||
343 | * @return Userinfo JSON | ||
344 | */ | ||
345 | char * | ||
346 | OIDC_generate_userinfo (const struct GNUNET_CRYPTO_PublicKey *sub_key, | ||
347 | const struct GNUNET_RECLAIM_AttributeList *attrs, | ||
348 | const struct | ||
349 | GNUNET_RECLAIM_PresentationList *presentations) | ||
350 | { | ||
351 | char *body_str; | ||
352 | json_t*body = generate_userinfo_json (sub_key, | ||
353 | attrs, | ||
354 | presentations); | ||
355 | body_str = json_dumps (body, JSON_INDENT (0) | JSON_COMPACT); | ||
356 | json_decref (body); | ||
357 | return body_str; | ||
358 | } | ||
359 | |||
360 | |||
361 | char * | ||
362 | generate_id_token_body (const struct GNUNET_CRYPTO_PublicKey *aud_key, | ||
363 | const struct GNUNET_CRYPTO_PublicKey *sub_key, | ||
364 | const struct GNUNET_RECLAIM_AttributeList *attrs, | ||
365 | const struct | ||
366 | GNUNET_RECLAIM_PresentationList *presentations, | ||
367 | const struct GNUNET_TIME_Relative *expiration_time, | ||
368 | const char *nonce) | ||
369 | { | ||
370 | struct GNUNET_TIME_Absolute exp_time; | ||
371 | struct GNUNET_TIME_Absolute time_now; | ||
372 | json_t *body; | ||
373 | char *audience; | ||
374 | char *subject; | ||
375 | char *body_str; | ||
376 | |||
377 | body = generate_userinfo_json (sub_key, | ||
378 | attrs, | ||
379 | presentations); | ||
380 | // iat REQUIRED time now | ||
381 | time_now = GNUNET_TIME_absolute_get (); | ||
382 | // exp REQUIRED time expired from config | ||
383 | exp_time = GNUNET_TIME_absolute_add (time_now, *expiration_time); | ||
384 | // auth_time only if max_age | ||
385 | // nonce only if nonce | ||
386 | // OPTIONAL acr,amr,azp | ||
387 | subject = | ||
388 | GNUNET_STRINGS_data_to_string_alloc (sub_key, | ||
389 | sizeof(struct | ||
390 | GNUNET_CRYPTO_PublicKey)); | ||
391 | audience = | ||
392 | GNUNET_STRINGS_data_to_string_alloc (aud_key, | ||
393 | sizeof(struct | ||
394 | GNUNET_CRYPTO_PublicKey)); | ||
395 | |||
396 | // aud REQUIRED public key client_id must be there | ||
397 | json_object_set_new (body, "aud", json_string (audience)); | ||
398 | // iat | ||
399 | json_object_set_new (body, | ||
400 | "iat", | ||
401 | json_integer (time_now.abs_value_us / (1000 * 1000))); | ||
402 | // exp | ||
403 | json_object_set_new (body, | ||
404 | "exp", | ||
405 | json_integer (exp_time.abs_value_us / (1000 * 1000))); | ||
406 | // nbf | ||
407 | json_object_set_new (body, | ||
408 | "nbf", | ||
409 | json_integer (time_now.abs_value_us / (1000 * 1000))); | ||
410 | // nonce | ||
411 | if (NULL != nonce) | ||
412 | json_object_set_new (body, "nonce", json_string (nonce)); | ||
413 | |||
414 | // Error checking | ||
415 | body_str = json_dumps (body, JSON_INDENT (2) | JSON_COMPACT); | ||
416 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,"ID-Token: %s\n", body_str); | ||
417 | |||
418 | json_decref (body); | ||
419 | GNUNET_free (subject); | ||
420 | GNUNET_free (audience); | ||
421 | |||
422 | return body_str; | ||
423 | } | ||
424 | |||
425 | |||
426 | char * | ||
427 | OIDC_generate_id_token_rsa (const struct GNUNET_CRYPTO_PublicKey *aud_key, | ||
428 | const struct GNUNET_CRYPTO_PublicKey *sub_key, | ||
429 | const struct GNUNET_RECLAIM_AttributeList *attrs, | ||
430 | const struct | ||
431 | GNUNET_RECLAIM_PresentationList *presentations, | ||
432 | const struct GNUNET_TIME_Relative *expiration_time, | ||
433 | const char *nonce, | ||
434 | const json_t *secret_rsa_key) | ||
435 | { | ||
436 | json_t *jws; | ||
437 | char *body_str; | ||
438 | char *result; | ||
439 | |||
440 | // Generate the body of the JSON Web Signature | ||
441 | body_str = generate_id_token_body (aud_key, | ||
442 | sub_key, | ||
443 | attrs, | ||
444 | presentations, | ||
445 | expiration_time, | ||
446 | nonce); | ||
447 | |||
448 | if (NULL == body_str) | ||
449 | { | ||
450 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
451 | "Body for the JWS could not be generated\n"); | ||
452 | return NULL; | ||
453 | } | ||
454 | |||
455 | // Creating the JSON Web Signature. | ||
456 | jws = json_pack ("{s:o}", "payload", | ||
457 | jose_b64_enc (body_str, strlen (body_str))); | ||
458 | GNUNET_free (body_str); | ||
459 | |||
460 | if (! jose_jws_sig (NULL, jws, NULL, secret_rsa_key)) | ||
461 | { | ||
462 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
463 | "Signature generation failed\n"); | ||
464 | return NULL; | ||
465 | } | ||
466 | |||
467 | // Encoding JSON as compact JSON Web Signature | ||
468 | GNUNET_asprintf (&result, "%s.%s.%s", | ||
469 | json_string_value (json_object_get (jws, "protected")), | ||
470 | json_string_value (json_object_get (jws, "payload")), | ||
471 | json_string_value (json_object_get (jws, "signature")) ); | ||
472 | |||
473 | json_decref (jws); | ||
474 | return result; | ||
475 | } | ||
476 | |||
477 | /** | ||
478 | * Create a JWT using HMAC (HS256) from attributes | ||
479 | * | ||
480 | * @param aud_key the public of the audience | ||
481 | * @param sub_key the public key of the subject | ||
482 | * @param attrs the attribute list | ||
483 | * @param presentations credential presentation list (may be empty) | ||
484 | * @param expiration_time the validity of the token | ||
485 | * @param secret_key the key used to sign the JWT | ||
486 | * @return a new base64-encoded JWT string. | ||
487 | */ | ||
488 | char * | ||
489 | OIDC_generate_id_token_hmac (const struct GNUNET_CRYPTO_PublicKey *aud_key, | ||
490 | const struct GNUNET_CRYPTO_PublicKey *sub_key, | ||
491 | const struct GNUNET_RECLAIM_AttributeList *attrs, | ||
492 | const struct | ||
493 | GNUNET_RECLAIM_PresentationList *presentations, | ||
494 | const struct GNUNET_TIME_Relative *expiration_time, | ||
495 | const char *nonce, | ||
496 | const char *secret_key) | ||
497 | { | ||
498 | struct GNUNET_HashCode signature; | ||
499 | char *header; | ||
500 | char *header_base64; | ||
501 | char *body_str; | ||
502 | char *body_base64; | ||
503 | char *signature_target; | ||
504 | char *signature_base64; | ||
505 | char *result; | ||
506 | |||
507 | // Generate and encode Header | ||
508 | header = create_jwt_hmac_header (); | ||
509 | if (NULL == header) | ||
510 | { | ||
511 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
512 | "Header for the JWS could not be generated\n"); | ||
513 | return NULL; | ||
514 | } | ||
515 | GNUNET_STRINGS_base64url_encode (header, strlen (header), &header_base64); | ||
516 | GNUNET_free (header); | ||
517 | fix_base64 (header_base64); | ||
518 | |||
519 | // Generate and encode the body of the JSON Web Signature | ||
520 | body_str = generate_id_token_body (aud_key, | ||
521 | sub_key, | ||
522 | attrs, | ||
523 | presentations, | ||
524 | expiration_time, | ||
525 | nonce); | ||
526 | |||
527 | if (NULL == body_str) | ||
528 | { | ||
529 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
530 | "Body for the JWS could not be generated\n"); | ||
531 | GNUNET_free (header_base64); | ||
532 | return NULL; | ||
533 | } | ||
534 | |||
535 | GNUNET_STRINGS_base64url_encode (body_str, strlen (body_str), &body_base64); | ||
536 | fix_base64 (body_base64); | ||
537 | |||
538 | /** | ||
539 | * Creating the JWT signature. This might not be | ||
540 | * standards compliant, check. | ||
541 | */ | ||
542 | GNUNET_asprintf (&signature_target, "%s.%s", header_base64, body_base64); | ||
543 | GNUNET_CRYPTO_hmac_raw (secret_key, | ||
544 | strlen (secret_key), | ||
545 | signature_target, | ||
546 | strlen (signature_target), | ||
547 | &signature); | ||
548 | GNUNET_STRINGS_base64url_encode ((const char *) &signature, | ||
549 | sizeof(struct GNUNET_HashCode), | ||
550 | &signature_base64); | ||
551 | fix_base64 (signature_base64); | ||
552 | |||
553 | GNUNET_asprintf (&result, | ||
554 | "%s.%s.%s", | ||
555 | header_base64, | ||
556 | body_base64, | ||
557 | signature_base64); | ||
558 | |||
559 | GNUNET_free (header_base64); | ||
560 | GNUNET_free (body_str); | ||
561 | GNUNET_free (body_base64); | ||
562 | GNUNET_free (signature_target); | ||
563 | GNUNET_free (signature_base64); | ||
564 | return result; | ||
565 | } | ||
566 | |||
567 | |||
568 | /** | ||
569 | * Builds an OIDC authorization code including | ||
570 | * a reclaim ticket and nonce | ||
571 | * | ||
572 | * @param issuer the issuer of the ticket, used to sign the ticket and nonce | ||
573 | * @param ticket the ticket to include in the code | ||
574 | * @param attrs list of attributes which are shared | ||
575 | * @param presentations credential presentation list (may be empty) | ||
576 | * @param nonce the nonce to include in the code | ||
577 | * @param code_challenge PKCE code challenge | ||
578 | * @return a new authorization code (caller must free) | ||
579 | */ | ||
580 | char * | ||
581 | OIDC_build_authz_code (const struct GNUNET_CRYPTO_PrivateKey *issuer, | ||
582 | const struct GNUNET_RECLAIM_Ticket *ticket, | ||
583 | const struct GNUNET_RECLAIM_AttributeList *attrs, | ||
584 | const struct | ||
585 | GNUNET_RECLAIM_PresentationList *presentations, | ||
586 | const char *nonce_str, | ||
587 | const char *code_challenge) | ||
588 | { | ||
589 | struct OIDC_Parameters params; | ||
590 | char *code_payload; | ||
591 | char *payload; | ||
592 | char *tmp; | ||
593 | char *code_str; | ||
594 | char *buf_ptr = NULL; | ||
595 | size_t payload_len; | ||
596 | size_t code_payload_len; | ||
597 | size_t attr_list_len = 0; | ||
598 | size_t pres_list_len = 0; | ||
599 | size_t code_challenge_len = 0; | ||
600 | uint32_t nonce_len = 0; | ||
601 | struct GNUNET_CRYPTO_EccSignaturePurpose *purpose; | ||
602 | |||
603 | /** PLAINTEXT **/ | ||
604 | // Assign ticket | ||
605 | memset (¶ms, 0, sizeof(params)); | ||
606 | params.ticket = *ticket; | ||
607 | // Assign nonce | ||
608 | payload_len = sizeof(struct OIDC_Parameters); | ||
609 | if ((NULL != nonce_str) && (strcmp ("", nonce_str) != 0)) | ||
610 | { | ||
611 | nonce_len = strlen (nonce_str); | ||
612 | payload_len += nonce_len; | ||
613 | } | ||
614 | params.nonce_len = htonl (nonce_len); | ||
615 | // Assign code challenge | ||
616 | if (NULL != code_challenge) | ||
617 | code_challenge_len = strlen (code_challenge); | ||
618 | payload_len += code_challenge_len; | ||
619 | params.code_challenge_len = htonl (code_challenge_len); | ||
620 | // Assign attributes | ||
621 | if (NULL != attrs) | ||
622 | { | ||
623 | // Get length | ||
624 | attr_list_len = GNUNET_RECLAIM_attribute_list_serialize_get_size (attrs); | ||
625 | params.attr_list_len = htonl (attr_list_len); | ||
626 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
627 | "Length of serialized attributes: %lu\n", | ||
628 | attr_list_len); | ||
629 | // Get serialized attributes | ||
630 | payload_len += attr_list_len; | ||
631 | } | ||
632 | if (NULL != presentations) | ||
633 | { | ||
634 | // Get length | ||
635 | // FIXME only add presentations relevant for attribute list!!! | ||
636 | // This is important because of the distinction between id_token and | ||
637 | // userinfo in OIDC | ||
638 | pres_list_len = | ||
639 | GNUNET_RECLAIM_presentation_list_serialize_get_size (presentations); | ||
640 | params.pres_list_len = htonl (pres_list_len); | ||
641 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
642 | "Length of serialized presentations: %lu\n", | ||
643 | pres_list_len); | ||
644 | // Get serialized attributes | ||
645 | payload_len += pres_list_len; | ||
646 | } | ||
647 | |||
648 | // Get plaintext length | ||
649 | payload = GNUNET_malloc (payload_len); | ||
650 | memcpy (payload, ¶ms, sizeof(params)); | ||
651 | tmp = payload + sizeof(params); | ||
652 | if (0 < code_challenge_len) | ||
653 | { | ||
654 | memcpy (tmp, code_challenge, code_challenge_len); | ||
655 | tmp += code_challenge_len; | ||
656 | } | ||
657 | if (0 < nonce_len) | ||
658 | { | ||
659 | memcpy (tmp, nonce_str, nonce_len); | ||
660 | tmp += nonce_len; | ||
661 | } | ||
662 | if (0 < attr_list_len) | ||
663 | GNUNET_RECLAIM_attribute_list_serialize (attrs, tmp); | ||
664 | tmp += attr_list_len; | ||
665 | if (0 < pres_list_len) | ||
666 | GNUNET_RECLAIM_presentation_list_serialize (presentations, tmp); | ||
667 | tmp += pres_list_len; | ||
668 | |||
669 | /** END **/ | ||
670 | |||
671 | // Get length | ||
672 | code_payload_len = sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) | ||
673 | + payload_len + sizeof(struct | ||
674 | GNUNET_CRYPTO_Signature); | ||
675 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
676 | "Length of data to encode: %lu\n", | ||
677 | code_payload_len); | ||
678 | |||
679 | // Initialize code payload | ||
680 | code_payload = GNUNET_malloc (code_payload_len); | ||
681 | GNUNET_assert (NULL != code_payload); | ||
682 | purpose = (struct GNUNET_CRYPTO_EccSignaturePurpose *) code_payload; | ||
683 | purpose->size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) | ||
684 | + payload_len); | ||
685 | purpose->purpose = htonl (GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN); | ||
686 | // Store pubkey | ||
687 | buf_ptr = (char *) &purpose[1]; | ||
688 | memcpy (buf_ptr, payload, payload_len); | ||
689 | GNUNET_free (payload); | ||
690 | buf_ptr += payload_len; | ||
691 | // Sign and store signature | ||
692 | if (GNUNET_SYSERR == | ||
693 | GNUNET_CRYPTO_sign_ (issuer, | ||
694 | purpose, | ||
695 | (struct GNUNET_CRYPTO_Signature *) | ||
696 | buf_ptr)) | ||
697 | { | ||
698 | GNUNET_break (0); | ||
699 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Unable to sign code\n"); | ||
700 | GNUNET_free (code_payload); | ||
701 | return NULL; | ||
702 | } | ||
703 | GNUNET_STRINGS_base64url_encode (code_payload, code_payload_len, &code_str); | ||
704 | GNUNET_free (code_payload); | ||
705 | return code_str; | ||
706 | } | ||
707 | |||
708 | |||
709 | enum GNUNET_GenericReturnValue | ||
710 | check_code_challenge (const char *code_challenge, | ||
711 | uint32_t code_challenge_len, | ||
712 | const char *code_verifier) | ||
713 | { | ||
714 | char *code_verifier_hash; | ||
715 | char *expected_code_challenge; | ||
716 | |||
717 | if (0 == code_challenge_len) /* Only check if this code requires a CV */ | ||
718 | return GNUNET_OK; | ||
719 | if (NULL == code_verifier) | ||
720 | { | ||
721 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
722 | "Expected code verifier!\n"); | ||
723 | return GNUNET_SYSERR; | ||
724 | } | ||
725 | code_verifier_hash = GNUNET_malloc (256 / 8); | ||
726 | // hash code verifier | ||
727 | gcry_md_hash_buffer (GCRY_MD_SHA256, | ||
728 | code_verifier_hash, | ||
729 | code_verifier, | ||
730 | strlen (code_verifier)); | ||
731 | // encode code verifier | ||
732 | GNUNET_STRINGS_base64url_encode (code_verifier_hash, 256 / 8, | ||
733 | &expected_code_challenge); | ||
734 | GNUNET_free (code_verifier_hash); | ||
735 | if (0 != | ||
736 | strncmp (expected_code_challenge, code_challenge, code_challenge_len)) | ||
737 | { | ||
738 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
739 | "Invalid code verifier! Expected: %s, Got: %.*s\n", | ||
740 | expected_code_challenge, | ||
741 | code_challenge_len, | ||
742 | code_challenge); | ||
743 | GNUNET_free (expected_code_challenge); | ||
744 | return GNUNET_SYSERR; | ||
745 | } | ||
746 | GNUNET_free (expected_code_challenge); | ||
747 | return GNUNET_OK; | ||
748 | } | ||
749 | |||
750 | |||
751 | /** | ||
752 | * Parse reclaim ticket and nonce from | ||
753 | * authorization code. | ||
754 | * This also verifies the signature in the code. | ||
755 | * | ||
756 | * @param audience the expected audience of the code | ||
757 | * @param code the string representation of the code | ||
758 | * @param code_verfier PKCE code verifier. Optional, must be provided | ||
759 | * if used in request. | ||
760 | * @param ticket where to store the ticket | ||
761 | * @param attrs the attributes in the code | ||
762 | * @param presentations credential presentation list | ||
763 | * @param nonce_str where to store the nonce (if contained) | ||
764 | * @return GNUNET_OK if successful, else GNUNET_SYSERR | ||
765 | */ | ||
766 | int | ||
767 | OIDC_parse_authz_code (const struct GNUNET_CRYPTO_PublicKey *audience, | ||
768 | const char *code, | ||
769 | const char *code_verifier, | ||
770 | struct GNUNET_RECLAIM_Ticket *ticket, | ||
771 | struct GNUNET_RECLAIM_AttributeList **attrs, | ||
772 | struct GNUNET_RECLAIM_PresentationList **presentations, | ||
773 | char **nonce_str, | ||
774 | enum OIDC_VerificationOptions opts) | ||
775 | { | ||
776 | char *code_payload; | ||
777 | char *ptr; | ||
778 | char *plaintext; | ||
779 | char *attrs_ser; | ||
780 | char *presentations_ser; | ||
781 | char *code_challenge; | ||
782 | struct GNUNET_CRYPTO_EccSignaturePurpose *purpose; | ||
783 | struct GNUNET_CRYPTO_Signature *signature; | ||
784 | uint32_t code_challenge_len; | ||
785 | uint32_t attrs_ser_len; | ||
786 | uint32_t pres_ser_len; | ||
787 | size_t plaintext_len; | ||
788 | size_t code_payload_len; | ||
789 | uint32_t nonce_len = 0; | ||
790 | struct OIDC_Parameters *params; | ||
791 | |||
792 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Trying to decode `%s'\n", code); | ||
793 | code_payload = NULL; | ||
794 | code_payload_len = | ||
795 | GNUNET_STRINGS_base64url_decode (code, strlen (code), | ||
796 | (void **) &code_payload); | ||
797 | if (code_payload_len < sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) | ||
798 | + sizeof(struct OIDC_Parameters) | ||
799 | + sizeof(struct GNUNET_CRYPTO_Signature)) | ||
800 | { | ||
801 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Authorization code malformed\n"); | ||
802 | GNUNET_free (code_payload); | ||
803 | return GNUNET_SYSERR; | ||
804 | } | ||
805 | |||
806 | purpose = (struct GNUNET_CRYPTO_EccSignaturePurpose *) code_payload; | ||
807 | plaintext_len = code_payload_len; | ||
808 | plaintext_len -= sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose); | ||
809 | ptr = (char *) &purpose[1]; | ||
810 | plaintext_len -= sizeof(struct GNUNET_CRYPTO_Signature); | ||
811 | plaintext = ptr; | ||
812 | ptr += plaintext_len; | ||
813 | signature = (struct GNUNET_CRYPTO_Signature *) ptr; | ||
814 | params = (struct OIDC_Parameters *) plaintext; | ||
815 | |||
816 | // cmp code_challenge code_verifier | ||
817 | code_challenge_len = ntohl (params->code_challenge_len); | ||
818 | code_challenge = ((char *) ¶ms[1]); | ||
819 | if (! (opts & OIDC_VERIFICATION_NO_CODE_VERIFIER)) | ||
820 | { | ||
821 | if (GNUNET_OK != check_code_challenge (code_challenge, | ||
822 | code_challenge_len, | ||
823 | code_verifier)) | ||
824 | { | ||
825 | GNUNET_free (code_payload); | ||
826 | return GNUNET_SYSERR; | ||
827 | } | ||
828 | } | ||
829 | nonce_len = ntohl (params->nonce_len); | ||
830 | if (0 != nonce_len) | ||
831 | { | ||
832 | *nonce_str = GNUNET_strndup (code_challenge + code_challenge_len, | ||
833 | nonce_len); | ||
834 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Got nonce: %s\n", *nonce_str); | ||
835 | } | ||
836 | |||
837 | // Ticket | ||
838 | memcpy (ticket, ¶ms->ticket, sizeof(params->ticket)); | ||
839 | // Signature | ||
840 | // GNUNET_CRYPTO_ecdsa_key_get_public (ecdsa_priv, &ecdsa_pub); | ||
841 | if (0 != GNUNET_memcmp (audience, &ticket->audience)) | ||
842 | { | ||
843 | GNUNET_free (code_payload); | ||
844 | if (NULL != *nonce_str) | ||
845 | GNUNET_free (*nonce_str); | ||
846 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
847 | "Audience in ticket does not match client!\n"); | ||
848 | return GNUNET_SYSERR; | ||
849 | } | ||
850 | if (GNUNET_OK != | ||
851 | GNUNET_CRYPTO_signature_verify_ ( | ||
852 | GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN, | ||
853 | purpose, | ||
854 | signature, | ||
855 | &(ticket->identity))) | ||
856 | { | ||
857 | GNUNET_free (code_payload); | ||
858 | if (NULL != *nonce_str) | ||
859 | GNUNET_free (*nonce_str); | ||
860 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Signature of AuthZ code invalid!\n"); | ||
861 | return GNUNET_SYSERR; | ||
862 | } | ||
863 | // Attributes | ||
864 | attrs_ser = ((char *) ¶ms[1]) + code_challenge_len + nonce_len; | ||
865 | attrs_ser_len = ntohl (params->attr_list_len); | ||
866 | *attrs = GNUNET_RECLAIM_attribute_list_deserialize (attrs_ser, attrs_ser_len); | ||
867 | presentations_ser = ((char*) attrs_ser) + attrs_ser_len; | ||
868 | pres_ser_len = ntohl (params->pres_list_len); | ||
869 | *presentations = | ||
870 | GNUNET_RECLAIM_presentation_list_deserialize (presentations_ser, | ||
871 | pres_ser_len); | ||
872 | |||
873 | GNUNET_free (code_payload); | ||
874 | return GNUNET_OK; | ||
875 | } | ||
876 | |||
877 | |||
878 | /** | ||
879 | * Build a token response for a token request | ||
880 | * TODO: Maybe we should add the scope here? | ||
881 | * | ||
882 | * @param access_token the access token to include | ||
883 | * @param id_token the id_token to include | ||
884 | * @param expiration_time the expiration time of the token(s) | ||
885 | * @param token_response where to store the response | ||
886 | */ | ||
887 | void | ||
888 | OIDC_build_token_response (const char *access_token, | ||
889 | const char *id_token, | ||
890 | const struct GNUNET_TIME_Relative *expiration_time, | ||
891 | char **token_response) | ||
892 | { | ||
893 | json_t *root_json; | ||
894 | |||
895 | root_json = json_object (); | ||
896 | |||
897 | GNUNET_assert (NULL != access_token); | ||
898 | GNUNET_assert (NULL != id_token); | ||
899 | GNUNET_assert (NULL != expiration_time); | ||
900 | json_object_set_new (root_json, "access_token", json_string (access_token)); | ||
901 | json_object_set_new (root_json, "token_type", json_string ("Bearer")); | ||
902 | json_object_set_new (root_json, | ||
903 | "expires_in", | ||
904 | json_integer (expiration_time->rel_value_us | ||
905 | / (1000 * 1000))); | ||
906 | json_object_set_new (root_json, "id_token", json_string (id_token)); | ||
907 | *token_response = json_dumps (root_json, JSON_INDENT (0) | JSON_COMPACT); | ||
908 | json_decref (root_json); | ||
909 | } | ||
910 | |||
911 | |||
912 | /** | ||
913 | * Generate a new access token | ||
914 | */ | ||
915 | char * | ||
916 | OIDC_access_token_new (const struct GNUNET_RECLAIM_Ticket *ticket) | ||
917 | { | ||
918 | char *access_token; | ||
919 | |||
920 | GNUNET_STRINGS_base64_encode (ticket, | ||
921 | sizeof(*ticket), | ||
922 | &access_token); | ||
923 | return access_token; | ||
924 | } | ||
925 | |||
926 | |||
927 | /** | ||
928 | * Parse an access token | ||
929 | */ | ||
930 | int | ||
931 | OIDC_access_token_parse (const char *token, | ||
932 | struct GNUNET_RECLAIM_Ticket **ticket) | ||
933 | { | ||
934 | size_t sret; | ||
935 | char *decoded; | ||
936 | sret = GNUNET_STRINGS_base64_decode (token, | ||
937 | strlen (token), | ||
938 | (void**) &decoded); | ||
939 | if (sizeof (struct GNUNET_RECLAIM_Ticket) != sret) | ||
940 | { | ||
941 | GNUNET_free (decoded); | ||
942 | return GNUNET_SYSERR; | ||
943 | } | ||
944 | *ticket = (struct GNUNET_RECLAIM_Ticket *) decoded; | ||
945 | return GNUNET_OK; | ||
946 | } | ||
947 | |||
948 | |||
949 | /** | ||
950 | * Checks if a claim is implicitly requested through standard | ||
951 | * scope(s) or explicitly through non-standard scope. | ||
952 | * | ||
953 | * @param scopes the scopes which have been requested | ||
954 | * @param attr the attribute name to check | ||
955 | * @return GNUNET_YES if attribute is implcitly requested | ||
956 | */ | ||
957 | enum GNUNET_GenericReturnValue | ||
958 | OIDC_check_scopes_for_claim_request (const char*scopes, | ||
959 | const char*attr) | ||
960 | { | ||
961 | char *scope_variables; | ||
962 | char *scope_variable; | ||
963 | char delimiter[] = " "; | ||
964 | int i; | ||
965 | |||
966 | scope_variables = GNUNET_strdup (scopes); | ||
967 | scope_variable = strtok (scope_variables, delimiter); | ||
968 | while (NULL != scope_variable) | ||
969 | { | ||
970 | if (0 == strcmp ("profile", scope_variable)) | ||
971 | { | ||
972 | for (i = 0; i < 14; i++) | ||
973 | { | ||
974 | if (0 == strcmp (attr, OIDC_profile_claims[i])) | ||
975 | { | ||
976 | GNUNET_free (scope_variables); | ||
977 | return GNUNET_YES; | ||
978 | } | ||
979 | } | ||
980 | } | ||
981 | else if (0 == strcmp ("address", scope_variable)) | ||
982 | { | ||
983 | for (i = 0; i < 5; i++) | ||
984 | { | ||
985 | if (0 == strcmp (attr, OIDC_address_claims[i])) | ||
986 | { | ||
987 | GNUNET_free (scope_variables); | ||
988 | return GNUNET_YES; | ||
989 | } | ||
990 | } | ||
991 | } | ||
992 | else if (0 == strcmp ("email", scope_variable)) | ||
993 | { | ||
994 | for (i = 0; i < 2; i++) | ||
995 | { | ||
996 | if (0 == strcmp (attr, OIDC_email_claims[i])) | ||
997 | { | ||
998 | GNUNET_free (scope_variables); | ||
999 | return GNUNET_YES; | ||
1000 | } | ||
1001 | } | ||
1002 | } | ||
1003 | else if (0 == strcmp ("phone", scope_variable)) | ||
1004 | { | ||
1005 | for (i = 0; i < 2; i++) | ||
1006 | { | ||
1007 | if (0 == strcmp (attr, OIDC_phone_claims[i])) | ||
1008 | { | ||
1009 | GNUNET_free (scope_variables); | ||
1010 | return GNUNET_YES; | ||
1011 | } | ||
1012 | } | ||
1013 | |||
1014 | } | ||
1015 | else if (0 == strcmp (attr, scope_variable)) | ||
1016 | { | ||
1017 | /** attribute matches requested scope **/ | ||
1018 | GNUNET_free (scope_variables); | ||
1019 | return GNUNET_YES; | ||
1020 | } | ||
1021 | scope_variable = strtok (NULL, delimiter); | ||
1022 | } | ||
1023 | GNUNET_free (scope_variables); | ||
1024 | return GNUNET_NO; | ||
1025 | |||
1026 | } | ||
diff --git a/src/reclaim/oidc_helper.h b/src/reclaim/oidc_helper.h deleted file mode 100644 index de788fbdb..000000000 --- a/src/reclaim/oidc_helper.h +++ /dev/null | |||
@@ -1,196 +0,0 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet | ||
3 | Copyright (C) 2010-2015 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software: you can redistribute it and/or modify it | ||
6 | under the terms of the GNU Affero General Public License as published | ||
7 | by the Free Software Foundation, either version 3 of the License, | ||
8 | or (at your option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | Affero General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU Affero General Public License | ||
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
17 | |||
18 | SPDX-License-Identifier: AGPL3.0-or-later | ||
19 | */ | ||
20 | |||
21 | /** | ||
22 | * @file reclaim/oidc_helper.h | ||
23 | * @brief helper library for OIDC related functions | ||
24 | * @author Martin Schanzenbach | ||
25 | */ | ||
26 | |||
27 | #ifndef JWT_H | ||
28 | #define JWT_H | ||
29 | |||
30 | #define JWT_ALG "alg" | ||
31 | #define JWT_TYP "typ" | ||
32 | #define JWT_TYP_VALUE "jwt" | ||
33 | |||
34 | #define JWT_ALG_VALUE_HMAC "HS512" | ||
35 | #define JWT_ALG_VALUE_RSA "RS256" | ||
36 | |||
37 | #define SERVER_ADDRESS "http://localhost:7776" | ||
38 | |||
39 | enum OIDC_VerificationOptions | ||
40 | { | ||
41 | /** | ||
42 | * Strict verification | ||
43 | */ | ||
44 | OIDC_VERIFICATION_DEFAULT = 0, | ||
45 | |||
46 | /** | ||
47 | * Do not check code verifier even if expected | ||
48 | */ | ||
49 | OIDC_VERIFICATION_NO_CODE_VERIFIER = 1 | ||
50 | }; | ||
51 | |||
52 | /** | ||
53 | * Create a JWT using RSA256 algorithm from attributes | ||
54 | * | ||
55 | * @param aud_key the public of the audience | ||
56 | * @param sub_key the public key of the subject | ||
57 | * @param attrs the attribute list | ||
58 | * @param presentations credential presentation list (may be empty) | ||
59 | * @param expiration_time the validity of the token | ||
60 | * @param secret_rsa_key the key used to sign the JWT | ||
61 | * @return a new base64-encoded JWT string. | ||
62 | */ | ||
63 | char * | ||
64 | OIDC_generate_id_token_rsa (const struct GNUNET_CRYPTO_PublicKey *aud_key, | ||
65 | const struct GNUNET_CRYPTO_PublicKey *sub_key, | ||
66 | const struct GNUNET_RECLAIM_AttributeList *attrs, | ||
67 | const struct | ||
68 | GNUNET_RECLAIM_PresentationList *presentations, | ||
69 | const struct GNUNET_TIME_Relative *expiration_time, | ||
70 | const char *nonce, | ||
71 | const json_t *secret_rsa_key); | ||
72 | |||
73 | /** | ||
74 | * Create a JWT using HMAC (HS256) from attributes | ||
75 | * | ||
76 | * @param aud_key the public of the audience | ||
77 | * @param sub_key the public key of the subject | ||
78 | * @param attrs the attribute list | ||
79 | * @param presentations credential presentation list (may be empty) | ||
80 | * @param expiration_time the validity of the token | ||
81 | * @param secret_key the key used to sign the JWT | ||
82 | * @return a new base64-encoded JWT string. | ||
83 | */ | ||
84 | char* | ||
85 | OIDC_generate_id_token_hmac (const struct GNUNET_CRYPTO_PublicKey *aud_key, | ||
86 | const struct GNUNET_CRYPTO_PublicKey *sub_key, | ||
87 | const struct GNUNET_RECLAIM_AttributeList *attrs, | ||
88 | const struct | ||
89 | GNUNET_RECLAIM_PresentationList *presentations, | ||
90 | const struct GNUNET_TIME_Relative *expiration_time, | ||
91 | const char *nonce, | ||
92 | const char *secret_key); | ||
93 | |||
94 | /** | ||
95 | * Builds an OIDC authorization code including | ||
96 | * a reclaim ticket and nonce | ||
97 | * | ||
98 | * @param issuer the issuer of the ticket, used to sign the ticket and nonce | ||
99 | * @param ticket the ticket to include in the code | ||
100 | * @param attrs list of attributes to share | ||
101 | * @param presentations credential presentation list | ||
102 | * @param nonce the nonce to include in the code | ||
103 | * @param code_challenge PKCE code challenge | ||
104 | * @param opts verification options | ||
105 | * @return a new authorization code (caller must free) | ||
106 | */ | ||
107 | char* | ||
108 | OIDC_build_authz_code (const struct GNUNET_CRYPTO_PrivateKey *issuer, | ||
109 | const struct GNUNET_RECLAIM_Ticket *ticket, | ||
110 | const struct GNUNET_RECLAIM_AttributeList *attrs, | ||
111 | const struct | ||
112 | GNUNET_RECLAIM_PresentationList *presentations, | ||
113 | const char *nonce, | ||
114 | const char *code_challenge); | ||
115 | |||
116 | /** | ||
117 | * Parse reclaim ticket and nonce from | ||
118 | * authorization code. | ||
119 | * This also verifies the signature in the code. | ||
120 | * | ||
121 | * @param ecdsa_priv the audience of the ticket | ||
122 | * @param code the string representation of the code | ||
123 | * @param code_verfier PKCE code verifier | ||
124 | * @param ticket where to store the ticket | ||
125 | * @param attrs the attributes found in the code | ||
126 | * @param presentations credential presentation list | ||
127 | * @param nonce where to store the nonce | ||
128 | * @return GNUNET_OK if successful, else GNUNET_SYSERR | ||
129 | */ | ||
130 | int | ||
131 | OIDC_parse_authz_code (const struct GNUNET_CRYPTO_PublicKey *ecdsa_pub, | ||
132 | const char *code, | ||
133 | const char *code_verifier, | ||
134 | struct GNUNET_RECLAIM_Ticket *ticket, | ||
135 | struct GNUNET_RECLAIM_AttributeList **attrs, | ||
136 | struct GNUNET_RECLAIM_PresentationList **presentations, | ||
137 | char **nonce, | ||
138 | enum OIDC_VerificationOptions opts); | ||
139 | |||
140 | /** | ||
141 | * Build a token response for a token request | ||
142 | * TODO: Maybe we should add the scope here? | ||
143 | * | ||
144 | * @param access_token the access token to include | ||
145 | * @param id_token the id_token to include | ||
146 | * @param expiration_time the expiration time of the token(s) | ||
147 | * @param token_response where to store the response | ||
148 | */ | ||
149 | void | ||
150 | OIDC_build_token_response (const char *access_token, | ||
151 | const char *id_token, | ||
152 | const struct GNUNET_TIME_Relative *expiration_time, | ||
153 | char **token_response); | ||
154 | |||
155 | /** | ||
156 | * Generate a new access token | ||
157 | */ | ||
158 | char* | ||
159 | OIDC_access_token_new (const struct GNUNET_RECLAIM_Ticket *ticket); | ||
160 | |||
161 | /** | ||
162 | * Parse an access token | ||
163 | */ | ||
164 | int | ||
165 | OIDC_access_token_parse (const char *token, | ||
166 | struct GNUNET_RECLAIM_Ticket **ticket); | ||
167 | |||
168 | |||
169 | /** | ||
170 | * Checks if a claim is implicitly requested through standard | ||
171 | * scope(s) | ||
172 | * | ||
173 | * @param scopes the scopes which have been requested | ||
174 | * @param attr the attribute name to check | ||
175 | * @return GNUNET_YES if attribute is implcitly requested | ||
176 | */ | ||
177 | enum GNUNET_GenericReturnValue | ||
178 | OIDC_check_scopes_for_claim_request (const char *scopes, | ||
179 | const char *attr); | ||
180 | |||
181 | |||
182 | /** | ||
183 | * Generate userinfo JSON as string | ||
184 | * | ||
185 | * @param sub_key the subject (user) | ||
186 | * @param attrs user attribute list | ||
187 | * @param presentations credential presentation list | ||
188 | * @return Userinfo JSON | ||
189 | */ | ||
190 | char * | ||
191 | OIDC_generate_userinfo (const struct GNUNET_CRYPTO_PublicKey *sub_key, | ||
192 | const struct GNUNET_RECLAIM_AttributeList *attrs, | ||
193 | const struct | ||
194 | GNUNET_RECLAIM_PresentationList *presentations); | ||
195 | |||
196 | #endif | ||
diff --git a/src/reclaim/pabc_helper.c b/src/reclaim/pabc_helper.c deleted file mode 100644 index 65a633f7b..000000000 --- a/src/reclaim/pabc_helper.c +++ /dev/null | |||
@@ -1,366 +0,0 @@ | |||
1 | // maximilian.kaul@aisec.fraunhofer.de | ||
2 | |||
3 | // WIP implementation of | ||
4 | // https://github.com/ontio/ontology-crypto/wiki/Anonymous-Credential | ||
5 | // using the relic library https://github.com/relic-toolkit/relic/ | ||
6 | |||
7 | #include "platform.h" | ||
8 | #include "pabc_helper.h" | ||
9 | #include <pwd.h> | ||
10 | #include <stdlib.h> | ||
11 | #include <unistd.h> | ||
12 | |||
13 | static char pabc_dir[PATH_MAX + 1]; | ||
14 | |||
15 | static const char * | ||
16 | get_homedir () | ||
17 | { | ||
18 | const char *homedir; | ||
19 | if ((homedir = getenv ("HOME")) == NULL) | ||
20 | { | ||
21 | homedir = getpwuid (getuid ())->pw_dir; | ||
22 | } | ||
23 | return homedir; | ||
24 | } | ||
25 | |||
26 | |||
27 | static enum GNUNET_GenericReturnValue | ||
28 | write_file (char const *const filename, const char *buffer) | ||
29 | { | ||
30 | struct GNUNET_DISK_FileHandle *fh; | ||
31 | fh = GNUNET_DISK_file_open (filename, | ||
32 | GNUNET_DISK_OPEN_WRITE | ||
33 | | GNUNET_DISK_OPEN_TRUNCATE | ||
34 | | GNUNET_DISK_OPEN_CREATE, | ||
35 | GNUNET_DISK_PERM_USER_WRITE | ||
36 | | GNUNET_DISK_PERM_USER_READ); | ||
37 | if (fh == NULL) | ||
38 | return GNUNET_SYSERR; | ||
39 | if (GNUNET_SYSERR == GNUNET_DISK_file_write (fh, | ||
40 | buffer, strlen (buffer) + 1)) | ||
41 | goto fail; | ||
42 | GNUNET_DISK_file_close (fh); | ||
43 | return GNUNET_OK; | ||
44 | |||
45 | fail: | ||
46 | GNUNET_DISK_file_close (fh); | ||
47 | return GNUNET_SYSERR; | ||
48 | } | ||
49 | |||
50 | |||
51 | static enum GNUNET_GenericReturnValue | ||
52 | init_pabc_dir () | ||
53 | { | ||
54 | size_t filename_size = strlen (get_homedir ()) + 1 + strlen (".local") + 1 | ||
55 | + strlen ("pabc-reclaim") + 1; | ||
56 | snprintf (pabc_dir, filename_size, "%s/%s/%s", | ||
57 | get_homedir (), ".local", "pabc-reclaim"); | ||
58 | return GNUNET_DISK_directory_create (pabc_dir); | ||
59 | } | ||
60 | |||
61 | |||
62 | static const char * | ||
63 | get_pabcdir () | ||
64 | { | ||
65 | init_pabc_dir (); | ||
66 | return pabc_dir; | ||
67 | } | ||
68 | |||
69 | |||
70 | enum GNUNET_GenericReturnValue | ||
71 | read_file (char const *const filename, char **buffer) | ||
72 | { | ||
73 | struct GNUNET_DISK_FileHandle *fh; | ||
74 | if (GNUNET_YES != GNUNET_DISK_file_test (filename)) | ||
75 | return GNUNET_SYSERR; | ||
76 | |||
77 | fh = GNUNET_DISK_file_open (filename, | ||
78 | GNUNET_DISK_OPEN_READ, | ||
79 | GNUNET_DISK_PERM_USER_READ); | ||
80 | if (fh == NULL) | ||
81 | return GNUNET_SYSERR; | ||
82 | long lSize = GNUNET_DISK_file_seek (fh, 0, GNUNET_DISK_SEEK_END); | ||
83 | if (lSize < 0) | ||
84 | goto fail; | ||
85 | GNUNET_DISK_file_seek (fh, 0, GNUNET_DISK_SEEK_SET); | ||
86 | *buffer = calloc ((size_t) lSize + 1, sizeof(char)); | ||
87 | if (*buffer == NULL) | ||
88 | goto fail; | ||
89 | |||
90 | // copy the file into the buffer: | ||
91 | size_t r = GNUNET_DISK_file_read (fh, *buffer, (size_t) lSize); | ||
92 | if (r != (size_t) lSize) | ||
93 | goto fail; | ||
94 | |||
95 | GNUNET_DISK_file_close (fh); | ||
96 | return GNUNET_OK; | ||
97 | |||
98 | fail: | ||
99 | GNUNET_DISK_file_close (fh); | ||
100 | GNUNET_free (*buffer); | ||
101 | return GNUNET_SYSERR; | ||
102 | } | ||
103 | |||
104 | |||
105 | struct pabc_public_parameters * | ||
106 | PABC_read_issuer_ppfile (const char *f, struct pabc_context *const ctx) | ||
107 | { | ||
108 | if (NULL == ctx) | ||
109 | { | ||
110 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No global context provided\n"); | ||
111 | return NULL; | ||
112 | } | ||
113 | struct pabc_public_parameters *pp; | ||
114 | char *buffer; | ||
115 | int r; | ||
116 | r = read_file (f, &buffer); | ||
117 | if (GNUNET_OK != r) | ||
118 | { | ||
119 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Error reading file\n"); | ||
120 | return NULL; | ||
121 | } | ||
122 | if (PABC_OK != pabc_decode_and_new_public_parameters (ctx, &pp, buffer)) | ||
123 | { | ||
124 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
125 | "Failed to decode public parameters\n"); | ||
126 | PABC_FREE_NULL (buffer); | ||
127 | return NULL; | ||
128 | } | ||
129 | PABC_FREE_NULL (buffer); | ||
130 | return pp; | ||
131 | } | ||
132 | |||
133 | |||
134 | enum GNUNET_GenericReturnValue | ||
135 | PABC_load_public_parameters (struct pabc_context *const ctx, | ||
136 | char const *const pp_name, | ||
137 | struct pabc_public_parameters **pp) | ||
138 | { | ||
139 | char fname[PATH_MAX]; | ||
140 | char *pp_filename; | ||
141 | const char *pdir = get_pabcdir (); | ||
142 | |||
143 | if (ctx == NULL) | ||
144 | return GNUNET_SYSERR; | ||
145 | if (pp_name == NULL) | ||
146 | return GNUNET_SYSERR; | ||
147 | |||
148 | GNUNET_STRINGS_urlencode (pp_name, strlen (pp_name), &pp_filename); | ||
149 | if (GNUNET_YES != GNUNET_DISK_directory_test (pdir, GNUNET_YES)) | ||
150 | { | ||
151 | GNUNET_free (pp_filename); | ||
152 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Error reading %s\n", pdir); | ||
153 | return GNUNET_SYSERR; | ||
154 | } | ||
155 | snprintf (fname, PATH_MAX, "%s/%s%s", pdir, pp_filename, PABC_PP_EXT); | ||
156 | if (GNUNET_YES != GNUNET_DISK_file_test (fname)) | ||
157 | { | ||
158 | GNUNET_free (pp_filename); | ||
159 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Error testing %s\n", fname); | ||
160 | return GNUNET_SYSERR; | ||
161 | } | ||
162 | *pp = PABC_read_issuer_ppfile (fname, ctx); | ||
163 | if (*pp) | ||
164 | return GNUNET_OK; | ||
165 | else | ||
166 | return GNUNET_SYSERR; | ||
167 | } | ||
168 | |||
169 | |||
170 | enum GNUNET_GenericReturnValue | ||
171 | PABC_write_public_parameters (char const *const pp_name, | ||
172 | struct pabc_public_parameters *const pp) | ||
173 | { | ||
174 | char *json; | ||
175 | char *filename; | ||
176 | char *pp_filename; | ||
177 | enum pabc_status status; | ||
178 | struct pabc_context *ctx = NULL; | ||
179 | |||
180 | GNUNET_STRINGS_urlencode (pp_name, strlen (pp_name), &pp_filename); | ||
181 | PABC_ASSERT (pabc_new_ctx (&ctx)); | ||
182 | // store in json file | ||
183 | status = pabc_encode_public_parameters (ctx, pp, &json); | ||
184 | if (status != PABC_OK) | ||
185 | { | ||
186 | GNUNET_free (pp_filename); | ||
187 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
188 | "Failed to encode public parameters.\n"); | ||
189 | pabc_free_ctx (&ctx); | ||
190 | return GNUNET_SYSERR; | ||
191 | } | ||
192 | |||
193 | size_t filename_size = | ||
194 | strlen (get_pabcdir ()) + 1 + strlen (pp_filename) + strlen (PABC_PP_EXT) | ||
195 | + 1; | ||
196 | filename = GNUNET_malloc (filename_size); | ||
197 | if (! filename) | ||
198 | { | ||
199 | GNUNET_free (pp_filename); | ||
200 | PABC_FREE_NULL (json); | ||
201 | pabc_free_ctx (&ctx); | ||
202 | return GNUNET_SYSERR; | ||
203 | } | ||
204 | snprintf (filename, filename_size, "%s/%s%s", get_pabcdir (), pp_filename, | ||
205 | PABC_PP_EXT); | ||
206 | |||
207 | GNUNET_free (pp_filename); | ||
208 | if (GNUNET_OK != write_file (filename, json)) | ||
209 | { | ||
210 | PABC_FREE_NULL (filename); | ||
211 | PABC_FREE_NULL (json); | ||
212 | pabc_free_ctx (&ctx); | ||
213 | return GNUNET_SYSERR; | ||
214 | } | ||
215 | PABC_FREE_NULL (filename); | ||
216 | PABC_FREE_NULL (json); | ||
217 | pabc_free_ctx (&ctx); | ||
218 | return GNUNET_OK; | ||
219 | } | ||
220 | |||
221 | |||
222 | enum GNUNET_GenericReturnValue | ||
223 | PABC_write_usr_ctx (char const *const usr_name, | ||
224 | char const *const pp_name, | ||
225 | struct pabc_context const *const ctx, | ||
226 | struct pabc_public_parameters const *const pp, | ||
227 | struct pabc_user_context *const usr_ctx) | ||
228 | { | ||
229 | |||
230 | char *pp_filename; | ||
231 | char *json = NULL; | ||
232 | enum pabc_status status; | ||
233 | char *fname = NULL; | ||
234 | |||
235 | if (NULL == usr_name) | ||
236 | { | ||
237 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No issuer given.\n"); | ||
238 | return GNUNET_SYSERR; | ||
239 | } | ||
240 | if (NULL == pp_name) | ||
241 | { | ||
242 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No user given.\n"); | ||
243 | return GNUNET_SYSERR; | ||
244 | } | ||
245 | if (NULL == ctx) | ||
246 | { | ||
247 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No context given.\n"); | ||
248 | return GNUNET_SYSERR; | ||
249 | } | ||
250 | if (NULL == pp) | ||
251 | { | ||
252 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No public parameters given.\n"); | ||
253 | return GNUNET_SYSERR; | ||
254 | } | ||
255 | if (NULL == usr_ctx) | ||
256 | { | ||
257 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No user context given.\n"); | ||
258 | return GNUNET_SYSERR; | ||
259 | } | ||
260 | |||
261 | GNUNET_STRINGS_urlencode (pp_name, strlen (pp_name), &pp_filename); | ||
262 | status = pabc_encode_user_ctx (ctx, pp, usr_ctx, &json); | ||
263 | if (PABC_OK != status) | ||
264 | { | ||
265 | GNUNET_free (pp_filename); | ||
266 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to encode user context.\n"); | ||
267 | return status; | ||
268 | } | ||
269 | |||
270 | size_t fname_size = strlen (get_pabcdir ()) + 1 + strlen (usr_name) + 1 | ||
271 | + strlen (pp_filename) + strlen (PABC_USR_EXT) + 1; | ||
272 | fname = GNUNET_malloc (fname_size); | ||
273 | |||
274 | snprintf (fname, fname_size, "%s/%s_%s%s", get_pabcdir (), usr_name, | ||
275 | pp_filename, | ||
276 | PABC_USR_EXT); | ||
277 | |||
278 | GNUNET_free (pp_filename); | ||
279 | if (GNUNET_OK == write_file (fname, json)) | ||
280 | { | ||
281 | GNUNET_free (fname); | ||
282 | GNUNET_free (json); | ||
283 | return GNUNET_OK; | ||
284 | } | ||
285 | else | ||
286 | { | ||
287 | GNUNET_free (fname); | ||
288 | GNUNET_free (json); | ||
289 | return GNUNET_SYSERR; | ||
290 | } | ||
291 | } | ||
292 | |||
293 | |||
294 | enum GNUNET_GenericReturnValue | ||
295 | PABC_read_usr_ctx (char const *const usr_name, | ||
296 | char const *const pp_name, | ||
297 | struct pabc_context const *const ctx, | ||
298 | struct pabc_public_parameters const *const pp, | ||
299 | struct pabc_user_context **usr_ctx) | ||
300 | { | ||
301 | char *json = NULL; | ||
302 | char *pp_filename; | ||
303 | enum pabc_status status; | ||
304 | |||
305 | char *fname = NULL; | ||
306 | |||
307 | if (NULL == usr_name) | ||
308 | { | ||
309 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No issuer given.\n"); | ||
310 | return GNUNET_SYSERR; | ||
311 | } | ||
312 | if (NULL == pp_name) | ||
313 | { | ||
314 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No user given.\n"); | ||
315 | return GNUNET_SYSERR; | ||
316 | } | ||
317 | if (NULL == ctx) | ||
318 | { | ||
319 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No context given.\n"); | ||
320 | return GNUNET_SYSERR; | ||
321 | } | ||
322 | if (NULL == pp) | ||
323 | { | ||
324 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No public parameters given.\n"); | ||
325 | return GNUNET_SYSERR; | ||
326 | } | ||
327 | if (NULL == usr_ctx) | ||
328 | { | ||
329 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No user context given.\n"); | ||
330 | return GNUNET_SYSERR; | ||
331 | } | ||
332 | GNUNET_STRINGS_urlencode (pp_name, strlen (pp_name), &pp_filename); | ||
333 | |||
334 | size_t fname_size = strlen (get_pabcdir ()) + 1 + strlen (usr_name) + 1 | ||
335 | + strlen (pp_filename) + strlen (PABC_USR_EXT) + 1; | ||
336 | fname = GNUNET_malloc (fname_size); | ||
337 | snprintf (fname, fname_size, "%s/%s_%s%s", get_pabcdir (), usr_name, | ||
338 | pp_filename, | ||
339 | PABC_USR_EXT); | ||
340 | GNUNET_free (pp_filename); | ||
341 | if (GNUNET_OK != read_file (fname, &json)) | ||
342 | { | ||
343 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
344 | "Failed to read `%s'\n", fname); | ||
345 | PABC_FREE_NULL (fname); | ||
346 | return GNUNET_SYSERR; | ||
347 | } | ||
348 | GNUNET_free (fname); | ||
349 | |||
350 | status = pabc_new_user_context (ctx, pp, usr_ctx); | ||
351 | if (PABC_OK != status) | ||
352 | { | ||
353 | GNUNET_free (json); | ||
354 | return GNUNET_SYSERR; | ||
355 | } | ||
356 | status = pabc_decode_user_ctx (ctx, pp, *usr_ctx, json); | ||
357 | GNUNET_free (json); | ||
358 | if (PABC_OK != status) | ||
359 | { | ||
360 | pabc_free_user_context (ctx, pp, usr_ctx); | ||
361 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to encode user context.\n"); | ||
362 | return GNUNET_SYSERR; | ||
363 | } | ||
364 | |||
365 | return GNUNET_OK; | ||
366 | } | ||
diff --git a/src/reclaim/pabc_helper.h b/src/reclaim/pabc_helper.h deleted file mode 100644 index 045ad5dda..000000000 --- a/src/reclaim/pabc_helper.h +++ /dev/null | |||
@@ -1,41 +0,0 @@ | |||
1 | #include "platform.h" | ||
2 | #include "gnunet_util_lib.h" | ||
3 | #include <pabc/pabc.h> | ||
4 | |||
5 | #ifndef PATH_MAX | ||
6 | #define PATH_MAX 4096 | ||
7 | #endif | ||
8 | |||
9 | #define PABC_ISK_EXT ".isk" | ||
10 | |||
11 | #define PABC_PP_EXT ".pp" | ||
12 | |||
13 | #define PABC_USR_EXT ".usr" | ||
14 | |||
15 | #define PABC_ATTR_DELIM "=" | ||
16 | |||
17 | enum GNUNET_GenericReturnValue | ||
18 | PABC_write_public_parameters (char const *const pp_name, | ||
19 | struct pabc_public_parameters *const pp); | ||
20 | |||
21 | |||
22 | enum GNUNET_GenericReturnValue | ||
23 | PABC_load_public_parameters (struct pabc_context *const ctx, | ||
24 | char const *const pp_name, | ||
25 | struct pabc_public_parameters **pp); | ||
26 | |||
27 | enum GNUNET_GenericReturnValue | ||
28 | PABC_write_usr_ctx (char const *const user_name, | ||
29 | char const *const pp_name, | ||
30 | struct pabc_context const *const ctx, | ||
31 | struct pabc_public_parameters const *const | ||
32 | pp, | ||
33 | struct pabc_user_context *const usr_ctx); | ||
34 | |||
35 | enum GNUNET_GenericReturnValue | ||
36 | PABC_read_usr_ctx (char const *const user_name, | ||
37 | char const *const pp_name, | ||
38 | struct pabc_context const *const ctx, | ||
39 | struct pabc_public_parameters const *const | ||
40 | pp, | ||
41 | struct pabc_user_context **usr_ctx); | ||
diff --git a/src/reclaim/plugin_gnsrecord_reclaim.c b/src/reclaim/plugin_gnsrecord_reclaim.c deleted file mode 100644 index ce6fe483d..000000000 --- a/src/reclaim/plugin_gnsrecord_reclaim.c +++ /dev/null | |||
@@ -1,195 +0,0 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet | ||
3 | Copyright (C) 2013, 2014 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software: you can redistribute it and/or modify it | ||
6 | under the terms of the GNU Affero General Public License as published | ||
7 | by the Free Software Foundation, either version 3 of the License, | ||
8 | or (at your option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | Affero General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU Affero General Public License | ||
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
17 | |||
18 | SPDX-License-Identifier: AGPL3.0-or-later | ||
19 | */ | ||
20 | |||
21 | /** | ||
22 | * @file reclaim/plugin_gnsrecord_reclaim.c | ||
23 | * @brief gnsrecord plugin to provide the API for identity records | ||
24 | * @author Martin Schanzenbach | ||
25 | */ | ||
26 | #include "platform.h" | ||
27 | |||
28 | #include "gnunet_util_lib.h" | ||
29 | |||
30 | #include "gnunet_gnsrecord_lib.h" | ||
31 | #include "gnunet_gnsrecord_plugin.h" | ||
32 | |||
33 | /** | ||
34 | * Convert the 'value' of a record to a string. | ||
35 | * | ||
36 | * @param cls closure, unused | ||
37 | * @param type type of the record | ||
38 | * @param data value in binary encoding | ||
39 | * @param data_size number of bytes in @a data | ||
40 | * @return NULL on error, otherwise human-readable representation of the value | ||
41 | */ | ||
42 | static char * | ||
43 | value_to_string (void *cls, uint32_t type, const void *data, size_t data_size) | ||
44 | { | ||
45 | switch (type) | ||
46 | { | ||
47 | case GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT: | ||
48 | case GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_CLIENT: | ||
49 | return GNUNET_strndup (data, data_size); | ||
50 | case GNUNET_GNSRECORD_TYPE_RECLAIM_ATTRIBUTE: | ||
51 | case GNUNET_GNSRECORD_TYPE_RECLAIM_ATTRIBUTE_REF: | ||
52 | case GNUNET_GNSRECORD_TYPE_RECLAIM_TICKET: | ||
53 | case GNUNET_GNSRECORD_TYPE_RECLAIM_CREDENTIAL: | ||
54 | case GNUNET_GNSRECORD_TYPE_RECLAIM_PRESENTATION: | ||
55 | return GNUNET_STRINGS_data_to_string_alloc (data, data_size); | ||
56 | |||
57 | default: | ||
58 | return NULL; | ||
59 | } | ||
60 | } | ||
61 | |||
62 | |||
63 | /** | ||
64 | * Convert human-readable version of a 'value' of a record to the binary | ||
65 | * representation. | ||
66 | * | ||
67 | * @param cls closure, unused | ||
68 | * @param type type of the record | ||
69 | * @param s human-readable string | ||
70 | * @param data set to value in binary encoding (will be allocated) | ||
71 | * @param data_size set to number of bytes in @a data | ||
72 | * @return #GNUNET_OK on success | ||
73 | */ | ||
74 | static int | ||
75 | string_to_value (void *cls, uint32_t type, const char *s, void **data, | ||
76 | size_t *data_size) | ||
77 | { | ||
78 | if (NULL == s) | ||
79 | return GNUNET_SYSERR; | ||
80 | switch (type) | ||
81 | { | ||
82 | case GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT: | ||
83 | case GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_CLIENT: | ||
84 | *data = GNUNET_strdup (s); | ||
85 | *data_size = strlen (s); | ||
86 | return GNUNET_OK; | ||
87 | case GNUNET_GNSRECORD_TYPE_RECLAIM_ATTRIBUTE: | ||
88 | case GNUNET_GNSRECORD_TYPE_RECLAIM_ATTRIBUTE_REF: | ||
89 | case GNUNET_GNSRECORD_TYPE_RECLAIM_TICKET: | ||
90 | case GNUNET_GNSRECORD_TYPE_RECLAIM_CREDENTIAL: | ||
91 | case GNUNET_GNSRECORD_TYPE_RECLAIM_PRESENTATION: | ||
92 | return GNUNET_STRINGS_string_to_data (s, strlen (s), *data, *data_size); | ||
93 | |||
94 | default: | ||
95 | return GNUNET_SYSERR; | ||
96 | } | ||
97 | } | ||
98 | |||
99 | |||
100 | /** | ||
101 | * Mapping of record type numbers to human-readable | ||
102 | * record type names. | ||
103 | */ | ||
104 | static struct | ||
105 | { | ||
106 | const char *name; | ||
107 | uint32_t number; | ||
108 | } name_map[] = { | ||
109 | { "RECLAIM_ATTRIBUTE", GNUNET_GNSRECORD_TYPE_RECLAIM_ATTRIBUTE }, | ||
110 | { "RECLAIM_ATTRIBUTE_REF", GNUNET_GNSRECORD_TYPE_RECLAIM_ATTRIBUTE_REF }, | ||
111 | { "RECLAIM_CREDENTIAL", GNUNET_GNSRECORD_TYPE_RECLAIM_CREDENTIAL }, | ||
112 | { "RECLAIM_PRESENTATION", GNUNET_GNSRECORD_TYPE_RECLAIM_PRESENTATION }, | ||
113 | { "RECLAIM_OIDC_CLIENT", GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_CLIENT }, | ||
114 | { "RECLAIM_OIDC_REDIRECT", GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT }, | ||
115 | { "RECLAIM_TICKET", GNUNET_GNSRECORD_TYPE_RECLAIM_TICKET }, | ||
116 | { NULL, UINT32_MAX } | ||
117 | }; | ||
118 | |||
119 | |||
120 | /** | ||
121 | * Convert a type name (e.g. "AAAA") to the corresponding number. | ||
122 | * | ||
123 | * @param cls closure, unused | ||
124 | * @param dns_typename name to convert | ||
125 | * @return corresponding number, UINT32_MAX on error | ||
126 | */ | ||
127 | static uint32_t | ||
128 | typename_to_number (void *cls, const char *dns_typename) | ||
129 | { | ||
130 | unsigned int i; | ||
131 | |||
132 | i = 0; | ||
133 | while ((NULL != name_map[i].name) && | ||
134 | (0 != strcasecmp (dns_typename, name_map[i].name))) | ||
135 | i++; | ||
136 | return name_map[i].number; | ||
137 | } | ||
138 | |||
139 | |||
140 | /** | ||
141 | * Convert a type number to the corresponding type string (e.g. 1 to "A") | ||
142 | * | ||
143 | * @param cls closure, unused | ||
144 | * @param type number of a type to convert | ||
145 | * @return corresponding typestring, NULL on error | ||
146 | */ | ||
147 | static const char * | ||
148 | number_to_typename (void *cls, uint32_t type) | ||
149 | { | ||
150 | unsigned int i; | ||
151 | |||
152 | i = 0; | ||
153 | while ((NULL != name_map[i].name) && (type != name_map[i].number)) | ||
154 | i++; | ||
155 | return name_map[i].name; | ||
156 | } | ||
157 | |||
158 | |||
159 | /** | ||
160 | * Entry point for the plugin. | ||
161 | * | ||
162 | * @param cls NULL | ||
163 | * @return the exported block API | ||
164 | */ | ||
165 | void * | ||
166 | libgnunet_plugin_gnsrecord_reclaim_init (void *cls) | ||
167 | { | ||
168 | struct GNUNET_GNSRECORD_PluginFunctions *api; | ||
169 | |||
170 | api = GNUNET_new (struct GNUNET_GNSRECORD_PluginFunctions); | ||
171 | api->value_to_string = &value_to_string; | ||
172 | api->string_to_value = &string_to_value; | ||
173 | api->typename_to_number = &typename_to_number; | ||
174 | api->number_to_typename = &number_to_typename; | ||
175 | return api; | ||
176 | } | ||
177 | |||
178 | |||
179 | /** | ||
180 | * Exit point from the plugin. | ||
181 | * | ||
182 | * @param cls the return value from #libgnunet_plugin_block_test_init | ||
183 | * @return NULL | ||
184 | */ | ||
185 | void * | ||
186 | libgnunet_plugin_gnsrecord_reclaim_done (void *cls) | ||
187 | { | ||
188 | struct GNUNET_GNSRECORD_PluginFunctions *api = cls; | ||
189 | |||
190 | GNUNET_free (api); | ||
191 | return NULL; | ||
192 | } | ||
193 | |||
194 | |||
195 | /* end of plugin_gnsrecord_dns.c */ | ||
diff --git a/src/reclaim/plugin_reclaim_attribute_basic.c b/src/reclaim/plugin_reclaim_attribute_basic.c deleted file mode 100644 index 66f59998a..000000000 --- a/src/reclaim/plugin_reclaim_attribute_basic.c +++ /dev/null | |||
@@ -1,181 +0,0 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet | ||
3 | Copyright (C) 2013, 2014, 2016 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software: you can redistribute it and/or modify it | ||
6 | under the terms of the GNU Affero General Public License as published | ||
7 | by the Free Software Foundation, either version 3 of the License, | ||
8 | or (at your option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | Affero General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU Affero General Public License | ||
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
17 | |||
18 | SPDX-License-Identifier: AGPL3.0-or-later | ||
19 | */ | ||
20 | |||
21 | /** | ||
22 | * @file reclaim-attribute/plugin_reclaim_attribute_gnuid.c | ||
23 | * @brief reclaim-attribute-plugin-gnuid attribute plugin to provide the API for | ||
24 | * fundamental | ||
25 | * attribute types. | ||
26 | * | ||
27 | * @author Martin Schanzenbach | ||
28 | */ | ||
29 | #include "platform.h" | ||
30 | #include "gnunet_util_lib.h" | ||
31 | #include "gnunet_reclaim_plugin.h" | ||
32 | #include <inttypes.h> | ||
33 | |||
34 | |||
35 | /** | ||
36 | * Convert the 'value' of an attribute to a string. | ||
37 | * | ||
38 | * @param cls closure, unused | ||
39 | * @param type type of the attribute | ||
40 | * @param data value in binary encoding | ||
41 | * @param data_size number of bytes in @a data | ||
42 | * @return NULL on error, otherwise human-readable representation of the value | ||
43 | */ | ||
44 | static char * | ||
45 | basic_value_to_string (void *cls, | ||
46 | uint32_t type, | ||
47 | const void *data, | ||
48 | size_t data_size) | ||
49 | { | ||
50 | switch (type) | ||
51 | { | ||
52 | case GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING: | ||
53 | return GNUNET_strndup (data, data_size); | ||
54 | |||
55 | default: | ||
56 | return NULL; | ||
57 | } | ||
58 | } | ||
59 | |||
60 | |||
61 | /** | ||
62 | * Convert human-readable version of a 'value' of an attribute to the binary | ||
63 | * representation. | ||
64 | * | ||
65 | * @param cls closure, unused | ||
66 | * @param type type of the attribute | ||
67 | * @param s human-readable string | ||
68 | * @param data set to value in binary encoding (will be allocated) | ||
69 | * @param data_size set to number of bytes in @a data | ||
70 | * @return #GNUNET_OK on success | ||
71 | */ | ||
72 | static int | ||
73 | basic_string_to_value (void *cls, | ||
74 | uint32_t type, | ||
75 | const char *s, | ||
76 | void **data, | ||
77 | size_t *data_size) | ||
78 | { | ||
79 | if (NULL == s) | ||
80 | return GNUNET_SYSERR; | ||
81 | switch (type) | ||
82 | { | ||
83 | case GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING: | ||
84 | *data = GNUNET_strdup (s); | ||
85 | *data_size = strlen (s) + 1; | ||
86 | return GNUNET_OK; | ||
87 | |||
88 | default: | ||
89 | return GNUNET_SYSERR; | ||
90 | } | ||
91 | } | ||
92 | |||
93 | |||
94 | /** | ||
95 | * Mapping of attribute type numbers to human-readable | ||
96 | * attribute type names. | ||
97 | */ | ||
98 | static struct | ||
99 | { | ||
100 | const char *name; | ||
101 | uint32_t number; | ||
102 | } basic_name_map[] = { { "STRING", GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING }, | ||
103 | { NULL, UINT32_MAX } }; | ||
104 | |||
105 | |||
106 | /** | ||
107 | * Convert a type name to the corresponding number. | ||
108 | * | ||
109 | * @param cls closure, unused | ||
110 | * @param basic_typename name to convert | ||
111 | * @return corresponding number, UINT32_MAX on error | ||
112 | */ | ||
113 | static uint32_t | ||
114 | basic_typename_to_number (void *cls, const char *basic_typename) | ||
115 | { | ||
116 | unsigned int i; | ||
117 | |||
118 | i = 0; | ||
119 | while ((NULL != basic_name_map[i].name) && | ||
120 | (0 != strcasecmp (basic_typename, basic_name_map[i].name))) | ||
121 | i++; | ||
122 | return basic_name_map[i].number; | ||
123 | } | ||
124 | |||
125 | |||
126 | /** | ||
127 | * Convert a type number to the corresponding type string (e.g. 1 to "A") | ||
128 | * | ||
129 | * @param cls closure, unused | ||
130 | * @param type number of a type to convert | ||
131 | * @return corresponding typestring, NULL on error | ||
132 | */ | ||
133 | static const char * | ||
134 | basic_number_to_typename (void *cls, uint32_t type) | ||
135 | { | ||
136 | unsigned int i; | ||
137 | |||
138 | i = 0; | ||
139 | while ((NULL != basic_name_map[i].name) && (type != basic_name_map[i].number)) | ||
140 | i++; | ||
141 | return basic_name_map[i].name; | ||
142 | } | ||
143 | |||
144 | |||
145 | /** | ||
146 | * Entry point for the plugin. | ||
147 | * | ||
148 | * @param cls NULL | ||
149 | * @return the exported block API | ||
150 | */ | ||
151 | void * | ||
152 | libgnunet_plugin_reclaim_attribute_basic_init (void *cls) | ||
153 | { | ||
154 | struct GNUNET_RECLAIM_AttributePluginFunctions *api; | ||
155 | |||
156 | api = GNUNET_new (struct GNUNET_RECLAIM_AttributePluginFunctions); | ||
157 | api->value_to_string = &basic_value_to_string; | ||
158 | api->string_to_value = &basic_string_to_value; | ||
159 | api->typename_to_number = &basic_typename_to_number; | ||
160 | api->number_to_typename = &basic_number_to_typename; | ||
161 | return api; | ||
162 | } | ||
163 | |||
164 | |||
165 | /** | ||
166 | * Exit point from the plugin. | ||
167 | * | ||
168 | * @param cls the return value from #libgnunet_plugin_block_test_init() | ||
169 | * @return NULL | ||
170 | */ | ||
171 | void * | ||
172 | libgnunet_plugin_reclaim_attribute_basic_done (void *cls) | ||
173 | { | ||
174 | struct GNUNET_RECLAIM_AttributePluginFunctions *api = cls; | ||
175 | |||
176 | GNUNET_free (api); | ||
177 | return NULL; | ||
178 | } | ||
179 | |||
180 | |||
181 | /* end of plugin_reclaim_attribute_type_gnuid.c */ | ||
diff --git a/src/reclaim/plugin_reclaim_credential_jwt.c b/src/reclaim/plugin_reclaim_credential_jwt.c deleted file mode 100644 index 3eb4bfebf..000000000 --- a/src/reclaim/plugin_reclaim_credential_jwt.c +++ /dev/null | |||
@@ -1,512 +0,0 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet | ||
3 | Copyright (C) 2013, 2014, 2016 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software: you can redistribute it and/or modify it | ||
6 | under the terms of the GNU Affero General Public License as published | ||
7 | by the Free Software Foundation, either version 3 of the License, | ||
8 | or (at your option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | Affero General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU Affero General Public License | ||
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
17 | |||
18 | SPDX-License-Identifier: AGPL3.0-or-later | ||
19 | */ | ||
20 | |||
21 | /** | ||
22 | * @file reclaim/plugin_reclaim_credential_jwt.c | ||
23 | * @brief reclaim-credential-plugin-jwt attribute plugin to provide the API for | ||
24 | * JWT credentials. | ||
25 | * | ||
26 | * @author Martin Schanzenbach | ||
27 | */ | ||
28 | #include "platform.h" | ||
29 | #include "gnunet_util_lib.h" | ||
30 | #include "gnunet_reclaim_plugin.h" | ||
31 | #include <inttypes.h> | ||
32 | #include <jansson.h> | ||
33 | |||
34 | /** | ||
35 | * Convert the 'value' of an credential to a string. | ||
36 | * | ||
37 | * @param cls closure, unused | ||
38 | * @param type type of the credential | ||
39 | * @param data value in binary encoding | ||
40 | * @param data_size number of bytes in @a data | ||
41 | * @return NULL on error, otherwise human-readable representation of the value | ||
42 | */ | ||
43 | static char * | ||
44 | jwt_value_to_string (void *cls, | ||
45 | uint32_t type, | ||
46 | const void *data, | ||
47 | size_t data_size) | ||
48 | { | ||
49 | switch (type) | ||
50 | { | ||
51 | case GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT: | ||
52 | return GNUNET_strndup (data, data_size); | ||
53 | |||
54 | default: | ||
55 | return NULL; | ||
56 | } | ||
57 | } | ||
58 | |||
59 | |||
60 | /** | ||
61 | * Convert human-readable version of a 'value' of an credential to the binary | ||
62 | * representation. | ||
63 | * | ||
64 | * @param cls closure, unused | ||
65 | * @param type type of the credential | ||
66 | * @param s human-readable string | ||
67 | * @param data set to value in binary encoding (will be allocated) | ||
68 | * @param data_size set to number of bytes in @a data | ||
69 | * @return #GNUNET_OK on success | ||
70 | */ | ||
71 | static int | ||
72 | jwt_string_to_value (void *cls, | ||
73 | uint32_t type, | ||
74 | const char *s, | ||
75 | void **data, | ||
76 | size_t *data_size) | ||
77 | { | ||
78 | if (NULL == s) | ||
79 | return GNUNET_SYSERR; | ||
80 | switch (type) | ||
81 | { | ||
82 | case GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT: | ||
83 | *data = GNUNET_strdup (s); | ||
84 | *data_size = strlen (s) + 1; | ||
85 | return GNUNET_OK; | ||
86 | |||
87 | default: | ||
88 | return GNUNET_SYSERR; | ||
89 | } | ||
90 | } | ||
91 | |||
92 | |||
93 | /** | ||
94 | * Mapping of credential type numbers to human-readable | ||
95 | * credential type names. | ||
96 | */ | ||
97 | static struct | ||
98 | { | ||
99 | const char *name; | ||
100 | uint32_t number; | ||
101 | } jwt_cred_name_map[] = { { "JWT", GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT }, | ||
102 | { NULL, UINT32_MAX } }; | ||
103 | |||
104 | /** | ||
105 | * Convert a type name to the corresponding number. | ||
106 | * | ||
107 | * @param cls closure, unused | ||
108 | * @param jwt_typename name to convert | ||
109 | * @return corresponding number, UINT32_MAX on error | ||
110 | */ | ||
111 | static uint32_t | ||
112 | jwt_typename_to_number (void *cls, const char *jwt_typename) | ||
113 | { | ||
114 | unsigned int i; | ||
115 | |||
116 | i = 0; | ||
117 | while ((NULL != jwt_cred_name_map[i].name) && | ||
118 | (0 != strcasecmp (jwt_typename, jwt_cred_name_map[i].name))) | ||
119 | i++; | ||
120 | return jwt_cred_name_map[i].number; | ||
121 | } | ||
122 | |||
123 | |||
124 | /** | ||
125 | * Convert a type number to the corresponding type string (e.g. 1 to "A") | ||
126 | * | ||
127 | * @param cls closure, unused | ||
128 | * @param type number of a type to convert | ||
129 | * @return corresponding typestring, NULL on error | ||
130 | */ | ||
131 | static const char * | ||
132 | jwt_number_to_typename (void *cls, uint32_t type) | ||
133 | { | ||
134 | unsigned int i; | ||
135 | |||
136 | i = 0; | ||
137 | while ((NULL != jwt_cred_name_map[i].name) && (type != | ||
138 | jwt_cred_name_map[i]. | ||
139 | number)) | ||
140 | i++; | ||
141 | return jwt_cred_name_map[i].name; | ||
142 | } | ||
143 | |||
144 | |||
145 | /** | ||
146 | * Parse a JWT and return the respective claim value as Attribute | ||
147 | * | ||
148 | * @param cls the plugin | ||
149 | * @param cred the jwt credential | ||
150 | * @return a GNUNET_RECLAIM_Attribute, containing the new value | ||
151 | */ | ||
152 | struct GNUNET_RECLAIM_AttributeList * | ||
153 | jwt_parse_attributes (void *cls, | ||
154 | const char *data, | ||
155 | size_t data_size) | ||
156 | { | ||
157 | char *jwt_string; | ||
158 | struct GNUNET_RECLAIM_AttributeList *attrs; | ||
159 | char delim[] = "."; | ||
160 | char *val_str = NULL; | ||
161 | char *decoded_jwt; | ||
162 | char *tmp; | ||
163 | json_t *json_val; | ||
164 | json_error_t json_err; | ||
165 | |||
166 | attrs = GNUNET_new (struct GNUNET_RECLAIM_AttributeList); | ||
167 | |||
168 | jwt_string = GNUNET_strndup (data, data_size); | ||
169 | const char *jwt_body = strtok (jwt_string, delim); | ||
170 | if (NULL == jwt_body) | ||
171 | { | ||
172 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
173 | "Failed to parse JSON %s\n", jwt_string); | ||
174 | return attrs; | ||
175 | } | ||
176 | jwt_body = strtok (NULL, delim); | ||
177 | if (NULL == jwt_body) | ||
178 | { | ||
179 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
180 | "Failed to parse JSON %s\n", jwt_string); | ||
181 | GNUNET_free (jwt_string); | ||
182 | return attrs; | ||
183 | } | ||
184 | GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body), | ||
185 | (void **) &decoded_jwt); | ||
186 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Decoded JWT: %s\n", decoded_jwt); | ||
187 | GNUNET_assert (NULL != decoded_jwt); | ||
188 | json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, &json_err); | ||
189 | GNUNET_free (decoded_jwt); | ||
190 | const char *key; | ||
191 | const char *addr_key; | ||
192 | json_t *value; | ||
193 | json_t *addr_value; | ||
194 | |||
195 | json_object_foreach (json_val, key, value) { | ||
196 | if (0 == strcmp ("iss", key)) | ||
197 | continue; | ||
198 | if (0 == strcmp ("jti", key)) | ||
199 | continue; | ||
200 | if (0 == strcmp ("exp", key)) | ||
201 | continue; | ||
202 | if (0 == strcmp ("iat", key)) | ||
203 | continue; | ||
204 | if (0 == strcmp ("nbf", key)) | ||
205 | continue; | ||
206 | if (0 == strcmp ("aud", key)) | ||
207 | continue; | ||
208 | if (0 == strcmp ("address", key)) | ||
209 | { | ||
210 | if (! json_is_object (value)) | ||
211 | { | ||
212 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
213 | "address claim in wrong format!"); | ||
214 | continue; | ||
215 | } | ||
216 | json_object_foreach (value, addr_key, addr_value) { | ||
217 | val_str = json_dumps (addr_value, JSON_ENCODE_ANY); | ||
218 | tmp = val_str; | ||
219 | // Remove leading " from jasson conversion | ||
220 | if (tmp[0] == '"') | ||
221 | tmp++; | ||
222 | // Remove trailing " from jansson conversion | ||
223 | if (tmp[strlen (tmp) - 1] == '"') | ||
224 | tmp[strlen (tmp) - 1] = '\0'; | ||
225 | GNUNET_RECLAIM_attribute_list_add (attrs, | ||
226 | addr_key, | ||
227 | NULL, | ||
228 | GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING, | ||
229 | tmp, | ||
230 | strlen (val_str)); | ||
231 | GNUNET_free (val_str); | ||
232 | } | ||
233 | continue; | ||
234 | } | ||
235 | val_str = json_dumps (value, JSON_ENCODE_ANY); | ||
236 | tmp = val_str; | ||
237 | // Remove leading " from jasson conversion | ||
238 | if (tmp[0] == '"') | ||
239 | tmp++; | ||
240 | // Remove trailing " from jansson conversion | ||
241 | if (tmp[strlen (tmp) - 1] == '"') | ||
242 | tmp[strlen (tmp) - 1] = '\0'; | ||
243 | GNUNET_RECLAIM_attribute_list_add (attrs, | ||
244 | key, | ||
245 | NULL, | ||
246 | GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING,// FIXME | ||
247 | tmp, | ||
248 | strlen (val_str)); | ||
249 | GNUNET_free (val_str); | ||
250 | } | ||
251 | json_decref (json_val); | ||
252 | GNUNET_free (jwt_string); | ||
253 | return attrs; | ||
254 | } | ||
255 | |||
256 | |||
257 | /** | ||
258 | * Parse a JWT and return the respective claim value as Attribute | ||
259 | * | ||
260 | * @param cls the plugin | ||
261 | * @param cred the jwt credential | ||
262 | * @return a GNUNET_RECLAIM_Attribute, containing the new value | ||
263 | */ | ||
264 | struct GNUNET_RECLAIM_AttributeList * | ||
265 | jwt_parse_attributes_c (void *cls, | ||
266 | const struct GNUNET_RECLAIM_Credential *cred) | ||
267 | { | ||
268 | if (cred->type != GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT) | ||
269 | return NULL; | ||
270 | return jwt_parse_attributes (cls, cred->data, cred->data_size); | ||
271 | } | ||
272 | |||
273 | |||
274 | /** | ||
275 | * Parse a JWT and return the respective claim value as Attribute | ||
276 | * | ||
277 | * @param cls the plugin | ||
278 | * @param cred the jwt credential | ||
279 | * @return a GNUNET_RECLAIM_Attribute, containing the new value | ||
280 | */ | ||
281 | struct GNUNET_RECLAIM_AttributeList * | ||
282 | jwt_parse_attributes_p (void *cls, | ||
283 | const struct GNUNET_RECLAIM_Presentation *cred) | ||
284 | { | ||
285 | if (cred->type != GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT) | ||
286 | return NULL; | ||
287 | return jwt_parse_attributes (cls, cred->data, cred->data_size); | ||
288 | } | ||
289 | |||
290 | |||
291 | /** | ||
292 | * Parse a JWT and return the issuer | ||
293 | * | ||
294 | * @param cls the plugin | ||
295 | * @param cred the jwt credential | ||
296 | * @return a string, containing the isser | ||
297 | */ | ||
298 | char * | ||
299 | jwt_get_issuer (void *cls, | ||
300 | const char *data, | ||
301 | size_t data_size) | ||
302 | { | ||
303 | const char *jwt_body; | ||
304 | char *jwt_string; | ||
305 | char delim[] = "."; | ||
306 | char *issuer = NULL; | ||
307 | char *decoded_jwt; | ||
308 | json_t *issuer_json; | ||
309 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Parsing JWT attributes.\n"); | ||
310 | json_t *json_val; | ||
311 | json_error_t json_err; | ||
312 | |||
313 | jwt_string = GNUNET_strndup (data, data_size); | ||
314 | jwt_body = strtok (jwt_string, delim); | ||
315 | jwt_body = strtok (NULL, delim); | ||
316 | GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body), | ||
317 | (void **) &decoded_jwt); | ||
318 | json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, &json_err); | ||
319 | GNUNET_free (decoded_jwt); | ||
320 | GNUNET_free (jwt_string); | ||
321 | if (NULL == json_val) | ||
322 | return NULL; | ||
323 | issuer_json = json_object_get (json_val, "iss"); | ||
324 | if ((NULL == issuer_json) || (! json_is_string (issuer_json))) | ||
325 | { | ||
326 | json_decref (json_val); | ||
327 | return NULL; | ||
328 | } | ||
329 | issuer = GNUNET_strdup (json_string_value (issuer_json)); | ||
330 | json_decref (json_val); | ||
331 | return issuer; | ||
332 | } | ||
333 | |||
334 | |||
335 | /** | ||
336 | * Parse a JWT and return the issuer | ||
337 | * | ||
338 | * @param cls the plugin | ||
339 | * @param cred the jwt credential | ||
340 | * @return a string, containing the isser | ||
341 | */ | ||
342 | char * | ||
343 | jwt_get_issuer_c (void *cls, | ||
344 | const struct GNUNET_RECLAIM_Credential *cred) | ||
345 | { | ||
346 | if (GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT != cred->type) | ||
347 | return NULL; | ||
348 | return jwt_get_issuer (cls, cred->data, cred->data_size); | ||
349 | } | ||
350 | |||
351 | |||
352 | /** | ||
353 | * Parse a JWT and return the issuer | ||
354 | * | ||
355 | * @param cls the plugin | ||
356 | * @param cred the jwt credential | ||
357 | * @return a string, containing the isser | ||
358 | */ | ||
359 | char * | ||
360 | jwt_get_issuer_p (void *cls, | ||
361 | const struct GNUNET_RECLAIM_Presentation *cred) | ||
362 | { | ||
363 | if (GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT != cred->type) | ||
364 | return NULL; | ||
365 | return jwt_get_issuer (cls, cred->data, cred->data_size); | ||
366 | } | ||
367 | |||
368 | |||
369 | /** | ||
370 | * Parse a JWT and return the expiration | ||
371 | * | ||
372 | * @param cls the plugin | ||
373 | * @param cred the jwt credential | ||
374 | * @return a string, containing the isser | ||
375 | */ | ||
376 | enum GNUNET_GenericReturnValue | ||
377 | jwt_get_expiration (void *cls, | ||
378 | const char *data, | ||
379 | size_t data_size, | ||
380 | struct GNUNET_TIME_Absolute *exp) | ||
381 | { | ||
382 | const char *jwt_body; | ||
383 | char *jwt_string; | ||
384 | char delim[] = "."; | ||
385 | char *decoded_jwt; | ||
386 | json_t *exp_json; | ||
387 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Parsing JWT attributes.\n"); | ||
388 | json_t *json_val; | ||
389 | json_error_t json_err; | ||
390 | |||
391 | jwt_string = GNUNET_strndup (data, data_size); | ||
392 | jwt_body = strtok (jwt_string, delim); | ||
393 | jwt_body = strtok (NULL, delim); | ||
394 | GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body), | ||
395 | (void **) &decoded_jwt); | ||
396 | json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, &json_err); | ||
397 | GNUNET_free (decoded_jwt); | ||
398 | GNUNET_free (jwt_string); | ||
399 | if (NULL == json_val) | ||
400 | return GNUNET_SYSERR; | ||
401 | exp_json = json_object_get (json_val, "exp"); | ||
402 | if ((NULL == exp_json) || (! json_is_integer (exp_json))) | ||
403 | { | ||
404 | json_decref (json_val); | ||
405 | return GNUNET_SYSERR; | ||
406 | } | ||
407 | exp->abs_value_us = json_integer_value (exp_json) * 1000 * 1000; | ||
408 | json_decref (json_val); | ||
409 | return GNUNET_OK; | ||
410 | } | ||
411 | |||
412 | |||
413 | /** | ||
414 | * Parse a JWT and return the expiration | ||
415 | * | ||
416 | * @param cls the plugin | ||
417 | * @param cred the jwt credential | ||
418 | * @return the expirati | ||
419 | */ | ||
420 | enum GNUNET_GenericReturnValue | ||
421 | jwt_get_expiration_c (void *cls, | ||
422 | const struct GNUNET_RECLAIM_Credential *cred, | ||
423 | struct GNUNET_TIME_Absolute *exp) | ||
424 | { | ||
425 | if (GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT != cred->type) | ||
426 | return GNUNET_NO; | ||
427 | return jwt_get_expiration (cls, cred->data, cred->data_size, exp); | ||
428 | } | ||
429 | |||
430 | |||
431 | /** | ||
432 | * Parse a JWT and return the expiration | ||
433 | * | ||
434 | * @param cls the plugin | ||
435 | * @param cred the jwt credential | ||
436 | * @return a string, containing the isser | ||
437 | */ | ||
438 | enum GNUNET_GenericReturnValue | ||
439 | jwt_get_expiration_p (void *cls, | ||
440 | const struct GNUNET_RECLAIM_Presentation *cred, | ||
441 | struct GNUNET_TIME_Absolute *exp) | ||
442 | { | ||
443 | if (GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT != cred->type) | ||
444 | return GNUNET_NO; | ||
445 | return jwt_get_expiration (cls, cred->data, cred->data_size, exp); | ||
446 | } | ||
447 | |||
448 | |||
449 | enum GNUNET_GenericReturnValue | ||
450 | jwt_create_presentation (void *cls, | ||
451 | const struct GNUNET_RECLAIM_Credential *cred, | ||
452 | const struct GNUNET_RECLAIM_AttributeList *attrs, | ||
453 | struct GNUNET_RECLAIM_Presentation **presentation) | ||
454 | { | ||
455 | if (GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT != cred->type) | ||
456 | return GNUNET_NO; | ||
457 | *presentation = GNUNET_RECLAIM_presentation_new ( | ||
458 | GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT, | ||
459 | cred->data, | ||
460 | cred->data_size); | ||
461 | return GNUNET_OK; | ||
462 | } | ||
463 | |||
464 | |||
465 | /** | ||
466 | * Entry point for the plugin. | ||
467 | * | ||
468 | * @param cls NULL | ||
469 | * @return the exported block API | ||
470 | */ | ||
471 | void * | ||
472 | libgnunet_plugin_reclaim_credential_jwt_init (void *cls) | ||
473 | { | ||
474 | struct GNUNET_RECLAIM_CredentialPluginFunctions *api; | ||
475 | |||
476 | api = GNUNET_new (struct GNUNET_RECLAIM_CredentialPluginFunctions); | ||
477 | api->value_to_string = &jwt_value_to_string; | ||
478 | api->string_to_value = &jwt_string_to_value; | ||
479 | api->typename_to_number = &jwt_typename_to_number; | ||
480 | api->number_to_typename = &jwt_number_to_typename; | ||
481 | api->get_attributes = &jwt_parse_attributes_c; | ||
482 | api->get_issuer = &jwt_get_issuer_c; | ||
483 | api->get_expiration = &jwt_get_expiration_c; | ||
484 | api->value_to_string_p = &jwt_value_to_string; | ||
485 | api->string_to_value_p = &jwt_string_to_value; | ||
486 | api->typename_to_number_p = &jwt_typename_to_number; | ||
487 | api->number_to_typename_p = &jwt_number_to_typename; | ||
488 | api->get_attributes_p = &jwt_parse_attributes_p; | ||
489 | api->get_issuer_p = &jwt_get_issuer_p; | ||
490 | api->get_expiration_p = &jwt_get_expiration_p; | ||
491 | api->create_presentation = &jwt_create_presentation; | ||
492 | return api; | ||
493 | } | ||
494 | |||
495 | |||
496 | /** | ||
497 | * Exit point from the plugin. | ||
498 | * | ||
499 | * @param cls the return value from #libgnunet_plugin_block_test_init() | ||
500 | * @return NULL | ||
501 | */ | ||
502 | void * | ||
503 | libgnunet_plugin_reclaim_credential_jwt_done (void *cls) | ||
504 | { | ||
505 | struct GNUNET_RECLAIM_CredentialPluginFunctions *api = cls; | ||
506 | |||
507 | GNUNET_free (api); | ||
508 | return NULL; | ||
509 | } | ||
510 | |||
511 | |||
512 | /* end of plugin_reclaim_credential_type_jwt.c */ | ||
diff --git a/src/reclaim/plugin_reclaim_credential_pabc.c b/src/reclaim/plugin_reclaim_credential_pabc.c deleted file mode 100644 index a906805fb..000000000 --- a/src/reclaim/plugin_reclaim_credential_pabc.c +++ /dev/null | |||
@@ -1,572 +0,0 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet | ||
3 | Copyright (C) 2013, 2014, 2016 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software: you can redistribute it and/or modify it | ||
6 | under the terms of the GNU Affero General Public License as published | ||
7 | by the Free Software Foundation, either version 3 of the License, | ||
8 | or (at your option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | Affero General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU Affero General Public License | ||
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
17 | |||
18 | SPDX-License-Identifier: AGPL3.0-or-later | ||
19 | */ | ||
20 | |||
21 | /** | ||
22 | * @file reclaim/plugin_reclaim_credential_pabc.c | ||
23 | * @brief reclaim-credential-plugin-pabc attribute plugin to provide the API for | ||
24 | * pabc credentials. | ||
25 | * | ||
26 | * @author Martin Schanzenbach | ||
27 | */ | ||
28 | #include "platform.h" | ||
29 | #include "gnunet_util_lib.h" | ||
30 | #include "gnunet_reclaim_plugin.h" | ||
31 | #include <inttypes.h> | ||
32 | #include <jansson.h> | ||
33 | #include <pabc/pabc.h> | ||
34 | #include "pabc_helper.h" | ||
35 | |||
36 | /** | ||
37 | * Convert the 'value' of an credential to a string. | ||
38 | * | ||
39 | * @param cls closure, unused | ||
40 | * @param type type of the credential | ||
41 | * @param data value in binary encoding | ||
42 | * @param data_size number of bytes in @a data | ||
43 | * @return NULL on error, otherwise human-readable representation of the value | ||
44 | */ | ||
45 | static char * | ||
46 | pabc_value_to_string (void *cls, | ||
47 | uint32_t type, | ||
48 | const void *data, | ||
49 | size_t data_size) | ||
50 | { | ||
51 | switch (type) | ||
52 | { | ||
53 | case GNUNET_RECLAIM_CREDENTIAL_TYPE_PABC: | ||
54 | return GNUNET_strndup (data, data_size); | ||
55 | |||
56 | default: | ||
57 | return NULL; | ||
58 | } | ||
59 | } | ||
60 | |||
61 | |||
62 | /** | ||
63 | * Convert human-readable version of a 'value' of an credential to the binary | ||
64 | * representation. | ||
65 | * | ||
66 | * @param cls closure, unused | ||
67 | * @param type type of the credential | ||
68 | * @param s human-readable string | ||
69 | * @param data set to value in binary encoding (will be allocated) | ||
70 | * @param data_size set to number of bytes in @a data | ||
71 | * @return #GNUNET_OK on success | ||
72 | */ | ||
73 | static int | ||
74 | pabc_string_to_value (void *cls, | ||
75 | uint32_t type, | ||
76 | const char *s, | ||
77 | void **data, | ||
78 | size_t *data_size) | ||
79 | { | ||
80 | if (NULL == s) | ||
81 | return GNUNET_SYSERR; | ||
82 | switch (type) | ||
83 | { | ||
84 | case GNUNET_RECLAIM_CREDENTIAL_TYPE_PABC: | ||
85 | *data = GNUNET_strdup (s); | ||
86 | *data_size = strlen (s) + 1; | ||
87 | return GNUNET_OK; | ||
88 | |||
89 | default: | ||
90 | return GNUNET_SYSERR; | ||
91 | } | ||
92 | } | ||
93 | |||
94 | |||
95 | /** | ||
96 | * Mapping of credential type numbers to human-readable | ||
97 | * credential type names. | ||
98 | */ | ||
99 | static struct | ||
100 | { | ||
101 | const char *name; | ||
102 | uint32_t number; | ||
103 | } pabc_cred_name_map[] = { { "PABC", GNUNET_RECLAIM_CREDENTIAL_TYPE_PABC }, | ||
104 | { NULL, UINT32_MAX } }; | ||
105 | |||
106 | /** | ||
107 | * Convert a type name to the corresponding number. | ||
108 | * | ||
109 | * @param cls closure, unused | ||
110 | * @param pabc_typename name to convert | ||
111 | * @return corresponding number, UINT32_MAX on error | ||
112 | */ | ||
113 | static uint32_t | ||
114 | pabc_typename_to_number (void *cls, const char *pabc_typename) | ||
115 | { | ||
116 | unsigned int i; | ||
117 | |||
118 | i = 0; | ||
119 | while ((NULL != pabc_cred_name_map[i].name) && | ||
120 | (0 != strcasecmp (pabc_typename, pabc_cred_name_map[i].name))) | ||
121 | i++; | ||
122 | return pabc_cred_name_map[i].number; | ||
123 | } | ||
124 | |||
125 | |||
126 | /** | ||
127 | * Convert a type number (i.e. 1) to the corresponding type string | ||
128 | * | ||
129 | * @param cls closure, unused | ||
130 | * @param type number of a type to convert | ||
131 | * @return corresponding typestring, NULL on error | ||
132 | */ | ||
133 | static const char * | ||
134 | pabc_number_to_typename (void *cls, uint32_t type) | ||
135 | { | ||
136 | unsigned int i; | ||
137 | |||
138 | i = 0; | ||
139 | while ((NULL != pabc_cred_name_map[i].name) && (type != | ||
140 | pabc_cred_name_map[i]. | ||
141 | number)) | ||
142 | i++; | ||
143 | return pabc_cred_name_map[i].name; | ||
144 | } | ||
145 | |||
146 | |||
147 | static void | ||
148 | inspect_attrs (char const *const key, | ||
149 | char const *const value, | ||
150 | void *ctx) | ||
151 | { | ||
152 | struct GNUNET_RECLAIM_AttributeList *attrs = ctx; | ||
153 | |||
154 | if (NULL == value) | ||
155 | return; | ||
156 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
157 | "Found attribute in PABC credential: `%s': `%s'\n", | ||
158 | key, value); | ||
159 | if (0 == strcmp (key, "expiration")) | ||
160 | return; | ||
161 | if (0 == strcmp (key, "issuer")) | ||
162 | return; | ||
163 | if (0 == strcmp (key, "subject")) | ||
164 | return; | ||
165 | GNUNET_RECLAIM_attribute_list_add (attrs, | ||
166 | key, | ||
167 | NULL, | ||
168 | GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING, | ||
169 | value, | ||
170 | strlen (value)); | ||
171 | } | ||
172 | |||
173 | |||
174 | /** | ||
175 | * Parse a pabc and return the respective claim value as Attribute | ||
176 | * | ||
177 | * @param cls the plugin | ||
178 | * @param cred the pabc credential | ||
179 | * @return a GNUNET_RECLAIM_Attribute, containing the new value | ||
180 | */ | ||
181 | struct GNUNET_RECLAIM_AttributeList * | ||
182 | pabc_parse_attributes (void *cls, | ||
183 | const char *data, | ||
184 | size_t data_size) | ||
185 | { | ||
186 | struct GNUNET_RECLAIM_AttributeList *attrs; | ||
187 | |||
188 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
189 | "Collecting PABC attributes...\n"); | ||
190 | attrs = GNUNET_new (struct GNUNET_RECLAIM_AttributeList); | ||
191 | GNUNET_assert (PABC_OK == | ||
192 | pabc_cred_inspect_credential (data, | ||
193 | &inspect_attrs, attrs)); | ||
194 | return attrs; | ||
195 | } | ||
196 | |||
197 | |||
198 | /** | ||
199 | * Parse a pabc and return the respective claim value as Attribute | ||
200 | * | ||
201 | * @param cls the plugin | ||
202 | * @param cred the pabc credential | ||
203 | * @return a GNUNET_RECLAIM_Attribute, containing the new value | ||
204 | */ | ||
205 | struct GNUNET_RECLAIM_AttributeList * | ||
206 | pabc_parse_attributes_c (void *cls, | ||
207 | const struct GNUNET_RECLAIM_Credential *cred) | ||
208 | { | ||
209 | if (cred->type != GNUNET_RECLAIM_CREDENTIAL_TYPE_PABC) | ||
210 | return NULL; | ||
211 | return pabc_parse_attributes (cls, cred->data, cred->data_size); | ||
212 | } | ||
213 | |||
214 | |||
215 | /** | ||
216 | * Parse a pabc and return the respective claim value as Attribute | ||
217 | * | ||
218 | * @param cls the plugin | ||
219 | * @param cred the pabc credential | ||
220 | * @return a GNUNET_RECLAIM_Attribute, containing the new value | ||
221 | */ | ||
222 | struct GNUNET_RECLAIM_AttributeList * | ||
223 | pabc_parse_attributes_p (void *cls, | ||
224 | const struct GNUNET_RECLAIM_Presentation *cred) | ||
225 | { | ||
226 | if (cred->type != GNUNET_RECLAIM_CREDENTIAL_TYPE_PABC) | ||
227 | return NULL; | ||
228 | return pabc_parse_attributes (cls, cred->data, cred->data_size); | ||
229 | } | ||
230 | |||
231 | |||
232 | /** | ||
233 | * Parse a pabc and return the issuer | ||
234 | * | ||
235 | * @param cls the plugin | ||
236 | * @param cred the pabc credential | ||
237 | * @return a string, containing the isser | ||
238 | */ | ||
239 | char* | ||
240 | pabc_get_issuer (void *cls, | ||
241 | const char *data, | ||
242 | size_t data_size) | ||
243 | { | ||
244 | char *res; | ||
245 | if (PABC_OK != pabc_cred_get_attr_by_name_from_cred (data, | ||
246 | "issuer", | ||
247 | &res)) | ||
248 | return NULL; | ||
249 | return res; | ||
250 | } | ||
251 | |||
252 | |||
253 | /** | ||
254 | * Parse a pabc and return the issuer | ||
255 | * | ||
256 | * @param cls the plugin | ||
257 | * @param cred the pabc credential | ||
258 | * @return a string, containing the isser | ||
259 | */ | ||
260 | char * | ||
261 | pabc_get_issuer_c (void *cls, | ||
262 | const struct GNUNET_RECLAIM_Credential *cred) | ||
263 | { | ||
264 | if (GNUNET_RECLAIM_CREDENTIAL_TYPE_PABC != cred->type) | ||
265 | return NULL; | ||
266 | return pabc_get_issuer (cls, cred->data, cred->data_size); | ||
267 | } | ||
268 | |||
269 | |||
270 | /** | ||
271 | * Parse a pabc and return the issuer | ||
272 | * | ||
273 | * @param cls the plugin | ||
274 | * @param cred the pabc credential | ||
275 | * @return a string, containing the isser | ||
276 | */ | ||
277 | char * | ||
278 | pabc_get_issuer_p (void *cls, | ||
279 | const struct GNUNET_RECLAIM_Presentation *cred) | ||
280 | { | ||
281 | if (GNUNET_RECLAIM_CREDENTIAL_TYPE_PABC != cred->type) | ||
282 | return NULL; | ||
283 | return pabc_get_issuer (cls, cred->data, cred->data_size); | ||
284 | } | ||
285 | |||
286 | |||
287 | /** | ||
288 | * Parse a pabc and return the expiration | ||
289 | * | ||
290 | * @param cls the plugin | ||
291 | * @param cred the pabc credential | ||
292 | * @return a string, containing the isser | ||
293 | */ | ||
294 | enum GNUNET_GenericReturnValue | ||
295 | pabc_get_expiration (void *cls, | ||
296 | const char *data, | ||
297 | size_t data_size, | ||
298 | struct GNUNET_TIME_Absolute *exp) | ||
299 | { | ||
300 | char *exp_str; | ||
301 | uint64_t exp_i; | ||
302 | |||
303 | if (PABC_OK != pabc_cred_get_attr_by_name_from_cred (data, | ||
304 | "expiration", | ||
305 | &exp_str)) | ||
306 | return GNUNET_SYSERR; | ||
307 | |||
308 | if (1 != sscanf (exp_str, "%llu", &exp_i)) | ||
309 | { | ||
310 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
311 | "Invalid expiration `%s'\n", exp_str); | ||
312 | GNUNET_free (exp_str); | ||
313 | return GNUNET_SYSERR; | ||
314 | } | ||
315 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
316 | "Converted expiration string `%s' to %llu", | ||
317 | exp_str, exp_i); | ||
318 | |||
319 | GNUNET_free (exp_str); | ||
320 | exp->abs_value_us = exp_i * 1000 * 1000; | ||
321 | return GNUNET_OK; | ||
322 | } | ||
323 | |||
324 | |||
325 | /** | ||
326 | * Parse a pabc and return the expiration | ||
327 | * | ||
328 | * @param cls the plugin | ||
329 | * @param cred the pabc credential | ||
330 | * @return a string, containing the isser | ||
331 | */ | ||
332 | enum GNUNET_GenericReturnValue | ||
333 | pabc_get_expiration_c (void *cls, | ||
334 | const struct GNUNET_RECLAIM_Credential *cred, | ||
335 | struct GNUNET_TIME_Absolute *exp) | ||
336 | { | ||
337 | if (cred->type != GNUNET_RECLAIM_CREDENTIAL_TYPE_PABC) | ||
338 | return GNUNET_NO; | ||
339 | return pabc_get_expiration (cls, cred->data, cred->data_size, exp); | ||
340 | } | ||
341 | |||
342 | |||
343 | /** | ||
344 | * Parse a pabc and return the expiration | ||
345 | * | ||
346 | * @param cls the plugin | ||
347 | * @param cred the pabc credential | ||
348 | * @return a string, containing the isser | ||
349 | */ | ||
350 | enum GNUNET_GenericReturnValue | ||
351 | pabc_get_expiration_p (void *cls, | ||
352 | const struct GNUNET_RECLAIM_Presentation *cred, | ||
353 | struct GNUNET_TIME_Absolute *exp) | ||
354 | { | ||
355 | if (cred->type != GNUNET_RECLAIM_CREDENTIAL_TYPE_PABC) | ||
356 | return GNUNET_NO; | ||
357 | return pabc_get_expiration (cls, cred->data, cred->data_size, exp); | ||
358 | } | ||
359 | |||
360 | |||
361 | int | ||
362 | pabc_create_presentation (void *cls, | ||
363 | const struct GNUNET_RECLAIM_Credential *credential, | ||
364 | const struct GNUNET_RECLAIM_AttributeList *attrs, | ||
365 | struct GNUNET_RECLAIM_Presentation **presentation) | ||
366 | { | ||
367 | struct pabc_context *ctx = NULL; | ||
368 | struct pabc_user_context *usr_ctx = NULL; | ||
369 | struct pabc_public_parameters *pp = NULL; | ||
370 | struct pabc_credential *cred = NULL; | ||
371 | struct pabc_blinded_proof *proof = NULL; | ||
372 | struct GNUNET_RECLAIM_AttributeListEntry *ale; | ||
373 | char *issuer; | ||
374 | char *subject; | ||
375 | enum pabc_status status; | ||
376 | |||
377 | if (GNUNET_RECLAIM_CREDENTIAL_TYPE_PABC != credential->type) | ||
378 | return GNUNET_NO; | ||
379 | |||
380 | |||
381 | PABC_ASSERT (pabc_new_ctx (&ctx)); | ||
382 | issuer = pabc_get_issuer_c (cls, credential); | ||
383 | if (NULL == issuer) | ||
384 | { | ||
385 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
386 | "No issuer found in credential\n"); | ||
387 | pabc_free_ctx (&ctx); | ||
388 | return GNUNET_SYSERR; | ||
389 | } | ||
390 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
391 | "Got issuer for credential: %s\n", issuer); | ||
392 | status = PABC_load_public_parameters (ctx, issuer, &pp); | ||
393 | if (status != PABC_OK) | ||
394 | { | ||
395 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
396 | "Failed to read public parameters.\n"); | ||
397 | pabc_free_ctx (&ctx); | ||
398 | GNUNET_free (issuer); | ||
399 | return GNUNET_SYSERR; | ||
400 | } | ||
401 | if (PABC_OK != pabc_cred_get_attr_by_name_from_cred (credential->data, | ||
402 | "subject", | ||
403 | &subject)) | ||
404 | { | ||
405 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
406 | "Failed to get subject.\n"); | ||
407 | pabc_free_ctx (&ctx); | ||
408 | GNUNET_free (issuer); | ||
409 | return GNUNET_SYSERR; | ||
410 | } | ||
411 | status = PABC_read_usr_ctx (subject, issuer, ctx, pp, &usr_ctx); | ||
412 | GNUNET_free (issuer); | ||
413 | GNUNET_free (subject); | ||
414 | if (PABC_OK != status) | ||
415 | { | ||
416 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
417 | "Failed to read user context.\n"); | ||
418 | pabc_free_public_parameters (ctx, &pp); | ||
419 | return GNUNET_SYSERR; | ||
420 | } | ||
421 | |||
422 | status = pabc_new_credential (ctx, pp, &cred); | ||
423 | if (status != PABC_OK) | ||
424 | { | ||
425 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
426 | "Failed to allocate credential.\n"); | ||
427 | pabc_free_user_context (ctx, pp, &usr_ctx); | ||
428 | pabc_free_public_parameters (ctx, &pp); | ||
429 | return GNUNET_SYSERR; | ||
430 | } | ||
431 | |||
432 | status = pabc_decode_credential (ctx, pp, cred, credential->data); | ||
433 | if (status != PABC_OK) | ||
434 | { | ||
435 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
436 | "Failed to decode credential.\n"); | ||
437 | pabc_free_credential (ctx, pp, &cred); | ||
438 | pabc_free_user_context (ctx, pp, &usr_ctx); | ||
439 | pabc_free_public_parameters (ctx, &pp); | ||
440 | return GNUNET_SYSERR; | ||
441 | } | ||
442 | |||
443 | status = pabc_new_proof (ctx, pp, &proof); | ||
444 | if (status != PABC_OK) | ||
445 | { | ||
446 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
447 | "Failed to allocate proof.\n"); | ||
448 | pabc_free_credential (ctx, pp, &cred); | ||
449 | pabc_free_user_context (ctx, pp, &usr_ctx); | ||
450 | pabc_free_public_parameters (ctx, &pp); | ||
451 | return GNUNET_SYSERR; | ||
452 | } | ||
453 | |||
454 | // now we can parse the attributes to disclose and configure the proof | ||
455 | for (ale = attrs->list_head; NULL != ale; ale = ale->next) | ||
456 | { | ||
457 | status = pabc_set_disclosure_by_attribute_name (ctx, pp, proof, | ||
458 | ale->attribute->name, | ||
459 | PABC_DISCLOSED, cred); | ||
460 | if (status != PABC_OK) | ||
461 | { | ||
462 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
463 | "Failed to configure proof.\n"); | ||
464 | pabc_free_credential (ctx, pp, &cred); | ||
465 | pabc_free_user_context (ctx, pp, &usr_ctx); | ||
466 | pabc_free_public_parameters (ctx, &pp); | ||
467 | return GNUNET_SYSERR; | ||
468 | } | ||
469 | } | ||
470 | |||
471 | // and finally -> sign the proof | ||
472 | status = pabc_gen_proof (ctx, usr_ctx, pp, proof, cred); | ||
473 | if (status != PABC_OK) | ||
474 | { | ||
475 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
476 | "Failed to sign proof.\n"); | ||
477 | pabc_free_proof (ctx, pp, &proof); | ||
478 | pabc_free_credential (ctx, pp, &cred); | ||
479 | pabc_free_user_context (ctx, pp, &usr_ctx); | ||
480 | pabc_free_public_parameters (ctx, &pp); | ||
481 | return GNUNET_SYSERR; | ||
482 | } | ||
483 | // print the result | ||
484 | char *json = NULL; | ||
485 | char *ppid = NULL; | ||
486 | char *userid = NULL; | ||
487 | GNUNET_assert (PABC_OK == pabc_cred_get_userid_from_cred (credential->data, | ||
488 | &userid)); | ||
489 | GNUNET_assert (PABC_OK == pabc_cred_get_ppid_from_cred (credential->data, | ||
490 | &ppid)); | ||
491 | pabc_cred_encode_proof (ctx, pp, proof, userid, ppid, &json); | ||
492 | GNUNET_free (ppid); | ||
493 | GNUNET_free (userid); | ||
494 | if (PABC_OK != status) | ||
495 | { | ||
496 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
497 | "Failed to serialize proof.\n"); | ||
498 | pabc_free_proof (ctx, pp, &proof); | ||
499 | pabc_free_credential (ctx, pp, &cred); | ||
500 | pabc_free_user_context (ctx, pp, &usr_ctx); | ||
501 | pabc_free_public_parameters (ctx, &pp); | ||
502 | return GNUNET_SYSERR; | ||
503 | } | ||
504 | char *json_enc; | ||
505 | GNUNET_STRINGS_base64_encode (json, | ||
506 | strlen (json) + 1, | ||
507 | &json_enc); | ||
508 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
509 | "Presentation: %s\n", json_enc); | ||
510 | // clean up | ||
511 | *presentation = GNUNET_RECLAIM_presentation_new ( | ||
512 | GNUNET_RECLAIM_CREDENTIAL_TYPE_PABC, | ||
513 | json_enc, | ||
514 | strlen (json_enc) + 1); | ||
515 | GNUNET_free (json_enc); | ||
516 | PABC_FREE_NULL (json); | ||
517 | pabc_free_proof (ctx, pp, &proof); | ||
518 | pabc_free_credential (ctx, pp, &cred); | ||
519 | pabc_free_user_context (ctx, pp, &usr_ctx); | ||
520 | pabc_free_public_parameters (ctx, &pp); | ||
521 | return GNUNET_OK; | ||
522 | } | ||
523 | |||
524 | |||
525 | /** | ||
526 | * Entry point for the plugin. | ||
527 | * | ||
528 | * @param cls NULL | ||
529 | * @return the exported block API | ||
530 | */ | ||
531 | void * | ||
532 | libgnunet_plugin_reclaim_credential_pabc_init (void *cls) | ||
533 | { | ||
534 | struct GNUNET_RECLAIM_CredentialPluginFunctions *api; | ||
535 | |||
536 | api = GNUNET_new (struct GNUNET_RECLAIM_CredentialPluginFunctions); | ||
537 | api->value_to_string = &pabc_value_to_string; | ||
538 | api->string_to_value = &pabc_string_to_value; | ||
539 | api->typename_to_number = &pabc_typename_to_number; | ||
540 | api->number_to_typename = &pabc_number_to_typename; | ||
541 | api->get_attributes = &pabc_parse_attributes_c; | ||
542 | api->get_issuer = &pabc_get_issuer_c; | ||
543 | api->get_expiration = &pabc_get_expiration_c; | ||
544 | api->value_to_string_p = &pabc_value_to_string; | ||
545 | api->string_to_value_p = &pabc_string_to_value; | ||
546 | api->typename_to_number_p = &pabc_typename_to_number; | ||
547 | api->number_to_typename_p = &pabc_number_to_typename; | ||
548 | api->get_attributes_p = &pabc_parse_attributes_p; | ||
549 | api->get_issuer_p = &pabc_get_issuer_p; | ||
550 | api->get_expiration_p = &pabc_get_expiration_p; | ||
551 | api->create_presentation = &pabc_create_presentation; | ||
552 | return api; | ||
553 | } | ||
554 | |||
555 | |||
556 | /** | ||
557 | * Exit point from the plugin. | ||
558 | * | ||
559 | * @param cls the return value from #libgnunet_plugin_block_test_init() | ||
560 | * @return NULL | ||
561 | */ | ||
562 | void * | ||
563 | libgnunet_plugin_reclaim_credential_pabc_done (void *cls) | ||
564 | { | ||
565 | struct GNUNET_RECLAIM_CredentialPluginFunctions *api = cls; | ||
566 | |||
567 | GNUNET_free (api); | ||
568 | return NULL; | ||
569 | } | ||
570 | |||
571 | |||
572 | /* end of plugin_reclaim_credential_type_pabc.c */ | ||
diff --git a/src/reclaim/plugin_rest_openid_connect.c b/src/reclaim/plugin_rest_openid_connect.c deleted file mode 100644 index d0aee043e..000000000 --- a/src/reclaim/plugin_rest_openid_connect.c +++ /dev/null | |||
@@ -1,3162 +0,0 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet. | ||
3 | Copyright (C) 2012-2018 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software: you can redistribute it and/or modify it | ||
6 | under the terms of the GNU Affero General Public License as published | ||
7 | by the Free Software Foundation, either version 3 of the License, | ||
8 | or (at your option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | Affero General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU Affero General Public License | ||
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
17 | |||
18 | SPDX-License-Identifier: AGPL3.0-or-later | ||
19 | */ | ||
20 | /** | ||
21 | * @author Martin Schanzenbach | ||
22 | * @author Philippe Buschmann | ||
23 | * @author Tristan Schwieren | ||
24 | * @file identity/plugin_rest_openid_connect.c | ||
25 | * @brief GNUnet Namestore REST plugin | ||
26 | * | ||
27 | */ | ||
28 | #include "platform.h" | ||
29 | #include <inttypes.h> | ||
30 | #include <jansson.h> | ||
31 | #include <jose/jose.h> | ||
32 | |||
33 | #include "gnunet_util_lib.h" | ||
34 | #include "gnunet_gns_service.h" | ||
35 | #include "gnunet_gnsrecord_lib.h" | ||
36 | #include "gnunet_identity_service.h" | ||
37 | #include "gnunet_namestore_service.h" | ||
38 | #include "gnunet_reclaim_lib.h" | ||
39 | #include "gnunet_reclaim_service.h" | ||
40 | #include "gnunet_rest_lib.h" | ||
41 | #include "gnunet_rest_plugin.h" | ||
42 | #include "gnunet_signatures.h" | ||
43 | #include "microhttpd.h" | ||
44 | #include "oidc_helper.h" | ||
45 | |||
46 | /** | ||
47 | * REST root namespace | ||
48 | */ | ||
49 | #define GNUNET_REST_API_NS_OIDC "/openid" | ||
50 | |||
51 | /** | ||
52 | * OIDC config | ||
53 | */ | ||
54 | #define GNUNET_REST_API_NS_OIDC_CONFIG "/.well-known/openid-configuration" | ||
55 | |||
56 | /** | ||
57 | * Authorize endpoint | ||
58 | */ | ||
59 | #define GNUNET_REST_API_NS_AUTHORIZE "/openid/authorize" | ||
60 | |||
61 | /** | ||
62 | * Token endpoint | ||
63 | */ | ||
64 | #define GNUNET_REST_API_NS_TOKEN "/openid/token" | ||
65 | |||
66 | /** | ||
67 | * JSON Web Keys endpoint | ||
68 | */ | ||
69 | #define GNUNET_REST_API_JWKS "/jwks.json" | ||
70 | |||
71 | /** | ||
72 | * UserInfo endpoint | ||
73 | */ | ||
74 | #define GNUNET_REST_API_NS_USERINFO "/openid/userinfo" | ||
75 | |||
76 | /** | ||
77 | * Login namespace | ||
78 | */ | ||
79 | #define GNUNET_REST_API_NS_LOGIN "/openid/login" | ||
80 | |||
81 | /** | ||
82 | * State while collecting all egos | ||
83 | */ | ||
84 | #define ID_REST_STATE_INIT 0 | ||
85 | |||
86 | /** | ||
87 | * Done collecting egos | ||
88 | */ | ||
89 | #define ID_REST_STATE_POST_INIT 1 | ||
90 | |||
91 | /** | ||
92 | * OIDC grant_type key | ||
93 | */ | ||
94 | #define OIDC_GRANT_TYPE_KEY "grant_type" | ||
95 | |||
96 | /** | ||
97 | * OIDC grant_type key | ||
98 | */ | ||
99 | #define OIDC_GRANT_TYPE_VALUE "authorization_code" | ||
100 | |||
101 | /** | ||
102 | * OIDC code key | ||
103 | */ | ||
104 | #define OIDC_CODE_KEY "code" | ||
105 | |||
106 | /** | ||
107 | * OIDC response_type key | ||
108 | */ | ||
109 | #define OIDC_RESPONSE_TYPE_KEY "response_type" | ||
110 | |||
111 | /** | ||
112 | * OIDC client_id key | ||
113 | */ | ||
114 | #define OIDC_CLIENT_ID_KEY "client_id" | ||
115 | |||
116 | /** | ||
117 | * OIDC scope key | ||
118 | */ | ||
119 | #define OIDC_SCOPE_KEY "scope" | ||
120 | |||
121 | /** | ||
122 | * OIDC redirect_uri key | ||
123 | */ | ||
124 | #define OIDC_REDIRECT_URI_KEY "redirect_uri" | ||
125 | |||
126 | /** | ||
127 | * OIDC state key | ||
128 | */ | ||
129 | #define OIDC_STATE_KEY "state" | ||
130 | |||
131 | /** | ||
132 | * OIDC nonce key | ||
133 | */ | ||
134 | #define OIDC_NONCE_KEY "nonce" | ||
135 | |||
136 | /** | ||
137 | * OIDC claims key | ||
138 | */ | ||
139 | #define OIDC_CLAIMS_KEY "claims" | ||
140 | |||
141 | /** | ||
142 | * OIDC PKCE code challenge | ||
143 | */ | ||
144 | #define OIDC_CODE_CHALLENGE_KEY "code_challenge" | ||
145 | |||
146 | /** | ||
147 | * OIDC PKCE code verifier | ||
148 | */ | ||
149 | #define OIDC_CODE_VERIFIER_KEY "code_verifier" | ||
150 | |||
151 | /** | ||
152 | * OIDC cookie expiration (in seconds) | ||
153 | */ | ||
154 | #define OIDC_COOKIE_EXPIRATION 3 | ||
155 | |||
156 | /** | ||
157 | * OIDC cookie header key | ||
158 | */ | ||
159 | #define OIDC_COOKIE_HEADER_KEY "cookie" | ||
160 | |||
161 | /** | ||
162 | * OIDC cookie header information key | ||
163 | */ | ||
164 | #define OIDC_AUTHORIZATION_HEADER_KEY "authorization" | ||
165 | |||
166 | /** | ||
167 | * OIDC cookie header information key | ||
168 | */ | ||
169 | #define OIDC_COOKIE_HEADER_INFORMATION_KEY "Identity=" | ||
170 | |||
171 | /** | ||
172 | * OIDC cookie header if user cancelled | ||
173 | */ | ||
174 | #define OIDC_COOKIE_HEADER_ACCESS_DENIED "Identity=Denied" | ||
175 | |||
176 | /** | ||
177 | * OIDC expected response_type while authorizing | ||
178 | */ | ||
179 | #define OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE "code" | ||
180 | |||
181 | /** | ||
182 | * OIDC expected scope part while authorizing | ||
183 | */ | ||
184 | #define OIDC_EXPECTED_AUTHORIZATION_SCOPE "openid" | ||
185 | |||
186 | /** | ||
187 | * OIDC error key for invalid client | ||
188 | */ | ||
189 | #define OIDC_ERROR_KEY_INVALID_CLIENT "invalid_client" | ||
190 | |||
191 | /** | ||
192 | * OIDC error key for invalid scopes | ||
193 | */ | ||
194 | #define OIDC_ERROR_KEY_INVALID_SCOPE "invalid_scope" | ||
195 | |||
196 | /** | ||
197 | * OIDC error key for invalid requests | ||
198 | */ | ||
199 | #define OIDC_ERROR_KEY_INVALID_REQUEST "invalid_request" | ||
200 | |||
201 | /** | ||
202 | * OIDC error key for invalid tokens | ||
203 | */ | ||
204 | #define OIDC_ERROR_KEY_INVALID_TOKEN "invalid_token" | ||
205 | |||
206 | /** | ||
207 | * OIDC error key for invalid cookies | ||
208 | */ | ||
209 | #define OIDC_ERROR_KEY_INVALID_COOKIE "invalid_cookie" | ||
210 | |||
211 | /** | ||
212 | * OIDC error key for generic server errors | ||
213 | */ | ||
214 | #define OIDC_ERROR_KEY_SERVER_ERROR "server_error" | ||
215 | |||
216 | /** | ||
217 | * OIDC error key for unsupported grants | ||
218 | */ | ||
219 | #define OIDC_ERROR_KEY_UNSUPPORTED_GRANT_TYPE "unsupported_grant_type" | ||
220 | |||
221 | /** | ||
222 | * OIDC error key for unsupported response types | ||
223 | */ | ||
224 | #define OIDC_ERROR_KEY_UNSUPPORTED_RESPONSE_TYPE "unsupported_response_type" | ||
225 | |||
226 | /** | ||
227 | * OIDC error key for unauthorized clients | ||
228 | */ | ||
229 | #define OIDC_ERROR_KEY_UNAUTHORIZED_CLIENT "unauthorized_client" | ||
230 | |||
231 | /** | ||
232 | * OIDC error key for denied access | ||
233 | */ | ||
234 | #define OIDC_ERROR_KEY_ACCESS_DENIED "access_denied" | ||
235 | |||
236 | /** | ||
237 | * OIDC key store file name | ||
238 | */ | ||
239 | #define OIDC_JWK_RSA_FILENAME "jwk_rsa.json" | ||
240 | |||
241 | /** | ||
242 | * How long to wait for a consume in userinfo endpoint | ||
243 | */ | ||
244 | #define CONSUME_TIMEOUT GNUNET_TIME_relative_multiply ( \ | ||
245 | GNUNET_TIME_UNIT_SECONDS,2) | ||
246 | |||
247 | /** | ||
248 | * OIDC ignored parameter array | ||
249 | */ | ||
250 | static char *OIDC_ignored_parameter_array[] = { "display", | ||
251 | "prompt", | ||
252 | "ui_locales", | ||
253 | "response_mode", | ||
254 | "id_token_hint", | ||
255 | "login_hint", | ||
256 | "acr_values" }; | ||
257 | |||
258 | /** | ||
259 | * OIDC hashmap for cached access tokens and codes | ||
260 | */ | ||
261 | struct GNUNET_CONTAINER_MultiHashMap *oidc_code_cache; | ||
262 | |||
263 | /** | ||
264 | * OIDC hashmap that keeps track of issued cookies | ||
265 | */ | ||
266 | struct GNUNET_CONTAINER_MultiHashMap *OIDC_cookie_jar_map; | ||
267 | |||
268 | /** | ||
269 | * The configuration handle | ||
270 | */ | ||
271 | const struct GNUNET_CONFIGURATION_Handle *cfg; | ||
272 | |||
273 | /** | ||
274 | * HTTP methods allows for this plugin | ||
275 | */ | ||
276 | static char *allow_methods; | ||
277 | |||
278 | /** | ||
279 | * Ego list | ||
280 | */ | ||
281 | static struct EgoEntry *ego_head; | ||
282 | |||
283 | /** | ||
284 | * Ego list | ||
285 | */ | ||
286 | static struct EgoEntry *ego_tail; | ||
287 | |||
288 | /** | ||
289 | * The processing state | ||
290 | */ | ||
291 | static int state; | ||
292 | |||
293 | /** | ||
294 | * Handle to Identity service. | ||
295 | */ | ||
296 | static struct GNUNET_IDENTITY_Handle *identity_handle; | ||
297 | |||
298 | /** | ||
299 | * GNS handle | ||
300 | */ | ||
301 | static struct GNUNET_GNS_Handle *gns_handle; | ||
302 | |||
303 | /** | ||
304 | * Identity Provider | ||
305 | */ | ||
306 | static struct GNUNET_RECLAIM_Handle *idp; | ||
307 | |||
308 | /** | ||
309 | * Timeout for consume call on userinfo | ||
310 | */ | ||
311 | static struct GNUNET_TIME_Relative consume_timeout; | ||
312 | |||
313 | /** | ||
314 | * @brief struct returned by the initialization function of the plugin | ||
315 | */ | ||
316 | struct Plugin | ||
317 | { | ||
318 | const struct GNUNET_CONFIGURATION_Handle *cfg; | ||
319 | }; | ||
320 | |||
321 | /** | ||
322 | * @brief The RSA key used by the oidc enpoint | ||
323 | */ | ||
324 | json_t *oidc_jwk; | ||
325 | |||
326 | /** | ||
327 | * OIDC needed variables | ||
328 | */ | ||
329 | struct OIDC_Variables | ||
330 | { | ||
331 | /** | ||
332 | * The RP client public key | ||
333 | */ | ||
334 | struct GNUNET_CRYPTO_PublicKey client_pkey; | ||
335 | |||
336 | /** | ||
337 | * The OIDC client id of the RP | ||
338 | */ | ||
339 | char *client_id; | ||
340 | |||
341 | /** | ||
342 | * The OIDC redirect uri | ||
343 | */ | ||
344 | char *redirect_uri; | ||
345 | |||
346 | /** | ||
347 | * The list of oidc scopes | ||
348 | */ | ||
349 | char *scope; | ||
350 | |||
351 | /** | ||
352 | * The OIDC state | ||
353 | */ | ||
354 | char *state; | ||
355 | |||
356 | /** | ||
357 | * The OIDC nonce | ||
358 | */ | ||
359 | char *nonce; | ||
360 | |||
361 | /** | ||
362 | * The OIDC claims | ||
363 | */ | ||
364 | char *claims; | ||
365 | |||
366 | /** | ||
367 | * The OIDC response type | ||
368 | */ | ||
369 | char *response_type; | ||
370 | |||
371 | /** | ||
372 | * The identity chosen by the user to login | ||
373 | */ | ||
374 | char *login_identity; | ||
375 | |||
376 | /** | ||
377 | * User cancelled authorization/login | ||
378 | */ | ||
379 | int user_cancelled; | ||
380 | |||
381 | /** | ||
382 | * The PKCE code_challenge | ||
383 | */ | ||
384 | char *code_challenge; | ||
385 | |||
386 | /** | ||
387 | * The PKCE code_verifier | ||
388 | */ | ||
389 | char *code_verifier; | ||
390 | |||
391 | }; | ||
392 | |||
393 | /** | ||
394 | * The ego list | ||
395 | */ | ||
396 | struct EgoEntry | ||
397 | { | ||
398 | /** | ||
399 | * DLL | ||
400 | */ | ||
401 | struct EgoEntry *next; | ||
402 | |||
403 | /** | ||
404 | * DLL | ||
405 | */ | ||
406 | struct EgoEntry *prev; | ||
407 | |||
408 | /** | ||
409 | * Ego Identifier | ||
410 | */ | ||
411 | char *identifier; | ||
412 | |||
413 | /** | ||
414 | * Public key string | ||
415 | */ | ||
416 | char *keystring; | ||
417 | |||
418 | /** | ||
419 | * The Ego | ||
420 | */ | ||
421 | struct GNUNET_IDENTITY_Ego *ego; | ||
422 | }; | ||
423 | |||
424 | |||
425 | struct RequestHandle | ||
426 | { | ||
427 | /** | ||
428 | * DLL | ||
429 | */ | ||
430 | struct RequestHandle *next; | ||
431 | |||
432 | /** | ||
433 | * DLL | ||
434 | */ | ||
435 | struct RequestHandle *prev; | ||
436 | |||
437 | /** | ||
438 | * Selected ego | ||
439 | */ | ||
440 | struct EgoEntry *ego_entry; | ||
441 | |||
442 | /** | ||
443 | * Pointer to ego private key | ||
444 | */ | ||
445 | struct GNUNET_CRYPTO_PrivateKey priv_key; | ||
446 | |||
447 | /** | ||
448 | * OIDC variables | ||
449 | */ | ||
450 | struct OIDC_Variables *oidc; | ||
451 | |||
452 | /** | ||
453 | * GNS lookup op | ||
454 | */ | ||
455 | struct GNUNET_GNS_LookupRequest *gns_op; | ||
456 | |||
457 | /** | ||
458 | * Rest connection | ||
459 | */ | ||
460 | struct GNUNET_REST_RequestHandle *rest_handle; | ||
461 | |||
462 | /** | ||
463 | * Attribute claim list for id_token | ||
464 | */ | ||
465 | struct GNUNET_RECLAIM_AttributeList *attr_idtoken_list; | ||
466 | |||
467 | /** | ||
468 | * Attribute claim list for userinfo | ||
469 | */ | ||
470 | struct GNUNET_RECLAIM_AttributeList *attr_userinfo_list; | ||
471 | |||
472 | /** | ||
473 | * Credentials | ||
474 | */ | ||
475 | struct GNUNET_RECLAIM_CredentialList *credentials; | ||
476 | |||
477 | /** | ||
478 | * Presentations | ||
479 | */ | ||
480 | struct GNUNET_RECLAIM_PresentationList *presentations; | ||
481 | |||
482 | /** | ||
483 | * IDENTITY Operation | ||
484 | */ | ||
485 | struct GNUNET_IDENTITY_Operation *op; | ||
486 | |||
487 | |||
488 | /** | ||
489 | * Idp Operation | ||
490 | */ | ||
491 | struct GNUNET_RECLAIM_Operation *idp_op; | ||
492 | |||
493 | /** | ||
494 | * Timeout task for consume | ||
495 | */ | ||
496 | struct GNUNET_SCHEDULER_Task *consume_timeout_op; | ||
497 | |||
498 | /** | ||
499 | * Attribute iterator | ||
500 | */ | ||
501 | struct GNUNET_RECLAIM_AttributeIterator *attr_it; | ||
502 | |||
503 | /** | ||
504 | * Credential iterator | ||
505 | */ | ||
506 | struct GNUNET_RECLAIM_CredentialIterator *cred_it; | ||
507 | |||
508 | |||
509 | /** | ||
510 | * Ticket iterator | ||
511 | */ | ||
512 | struct GNUNET_RECLAIM_TicketIterator *ticket_it; | ||
513 | |||
514 | /** | ||
515 | * A ticket | ||
516 | */ | ||
517 | struct GNUNET_RECLAIM_Ticket ticket; | ||
518 | |||
519 | /** | ||
520 | * Desired timeout for the lookup (default is no timeout). | ||
521 | */ | ||
522 | struct GNUNET_TIME_Relative timeout; | ||
523 | |||
524 | /** | ||
525 | * ID of a task associated with the resolution process. | ||
526 | */ | ||
527 | struct GNUNET_SCHEDULER_Task *timeout_task; | ||
528 | |||
529 | /** | ||
530 | * The plugin result processor | ||
531 | */ | ||
532 | GNUNET_REST_ResultProcessor proc; | ||
533 | |||
534 | /** | ||
535 | * The closure of the result processor | ||
536 | */ | ||
537 | void *proc_cls; | ||
538 | |||
539 | /** | ||
540 | * The url | ||
541 | */ | ||
542 | char *url; | ||
543 | |||
544 | /** | ||
545 | * The passed access token | ||
546 | */ | ||
547 | char *access_token; | ||
548 | |||
549 | /** | ||
550 | * The tld for redirect | ||
551 | */ | ||
552 | char *tld; | ||
553 | |||
554 | /** | ||
555 | * The redirect prefix | ||
556 | */ | ||
557 | char *redirect_prefix; | ||
558 | |||
559 | /** | ||
560 | * The redirect suffix | ||
561 | */ | ||
562 | char *redirect_suffix; | ||
563 | |||
564 | /** | ||
565 | * Error response message | ||
566 | */ | ||
567 | char *emsg; | ||
568 | |||
569 | /** | ||
570 | * Error response description | ||
571 | */ | ||
572 | char *edesc; | ||
573 | |||
574 | /** | ||
575 | * Response code | ||
576 | */ | ||
577 | int response_code; | ||
578 | |||
579 | /** | ||
580 | * Public client | ||
581 | */ | ||
582 | int public_client; | ||
583 | }; | ||
584 | |||
585 | /** | ||
586 | * DLL | ||
587 | */ | ||
588 | static struct RequestHandle *requests_head; | ||
589 | |||
590 | /** | ||
591 | * DLL | ||
592 | */ | ||
593 | static struct RequestHandle *requests_tail; | ||
594 | |||
595 | |||
596 | /** | ||
597 | * Cleanup lookup handle | ||
598 | * @param handle Handle to clean up | ||
599 | */ | ||
600 | static void | ||
601 | cleanup_handle (struct RequestHandle *handle) | ||
602 | { | ||
603 | |||
604 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Cleaning up\n"); | ||
605 | if (NULL != handle->timeout_task) | ||
606 | GNUNET_SCHEDULER_cancel (handle->timeout_task); | ||
607 | if (NULL != handle->attr_it) | ||
608 | GNUNET_RECLAIM_get_attributes_stop (handle->attr_it); | ||
609 | if (NULL != handle->cred_it) | ||
610 | GNUNET_RECLAIM_get_credentials_stop (handle->cred_it); | ||
611 | if (NULL != handle->ticket_it) | ||
612 | GNUNET_RECLAIM_ticket_iteration_stop (handle->ticket_it); | ||
613 | if (NULL != handle->idp_op) | ||
614 | GNUNET_RECLAIM_cancel (handle->idp_op); | ||
615 | if (NULL != handle->consume_timeout_op) | ||
616 | GNUNET_SCHEDULER_cancel (handle->consume_timeout_op); | ||
617 | GNUNET_free (handle->url); | ||
618 | GNUNET_free (handle->tld); | ||
619 | GNUNET_free (handle->redirect_prefix); | ||
620 | GNUNET_free (handle->redirect_suffix); | ||
621 | GNUNET_free (handle->emsg); | ||
622 | GNUNET_free (handle->edesc); | ||
623 | if (NULL != handle->gns_op) | ||
624 | GNUNET_GNS_lookup_cancel (handle->gns_op); | ||
625 | if (NULL != handle->oidc) | ||
626 | { | ||
627 | GNUNET_free (handle->oidc->client_id); | ||
628 | GNUNET_free (handle->oidc->login_identity); | ||
629 | GNUNET_free (handle->oidc->nonce); | ||
630 | GNUNET_free (handle->oidc->redirect_uri); | ||
631 | GNUNET_free (handle->oidc->response_type); | ||
632 | GNUNET_free (handle->oidc->scope); | ||
633 | GNUNET_free (handle->oidc->state); | ||
634 | if (NULL != handle->oidc->claims) | ||
635 | GNUNET_free (handle->oidc->claims); | ||
636 | if (NULL != handle->oidc->code_challenge) | ||
637 | GNUNET_free (handle->oidc->code_challenge); | ||
638 | GNUNET_free (handle->oidc); | ||
639 | } | ||
640 | if (NULL!=handle->attr_idtoken_list) | ||
641 | GNUNET_RECLAIM_attribute_list_destroy (handle->attr_idtoken_list); | ||
642 | if (NULL!=handle->attr_userinfo_list) | ||
643 | GNUNET_RECLAIM_attribute_list_destroy (handle->attr_userinfo_list); | ||
644 | if (NULL!=handle->credentials) | ||
645 | GNUNET_RECLAIM_credential_list_destroy (handle->credentials); | ||
646 | if (NULL!=handle->presentations) | ||
647 | GNUNET_RECLAIM_presentation_list_destroy (handle->presentations); | ||
648 | GNUNET_CONTAINER_DLL_remove (requests_head, | ||
649 | requests_tail, | ||
650 | handle); | ||
651 | if (NULL != handle->access_token) | ||
652 | GNUNET_free (handle->access_token); | ||
653 | GNUNET_free (handle); | ||
654 | } | ||
655 | |||
656 | |||
657 | /** | ||
658 | * Task run on error, sends error message. Cleans up everything. | ||
659 | * | ||
660 | * @param cls the `struct RequestHandle` | ||
661 | */ | ||
662 | static void | ||
663 | do_error (void *cls) | ||
664 | { | ||
665 | struct RequestHandle *handle = cls; | ||
666 | struct MHD_Response *resp; | ||
667 | char *json_error; | ||
668 | |||
669 | GNUNET_asprintf (&json_error, | ||
670 | "{ \"error\" : \"%s\", \"error_description\" : \"%s\"%s%s%s}", | ||
671 | handle->emsg, | ||
672 | (NULL != handle->edesc) ? handle->edesc : "", | ||
673 | (NULL != handle->oidc->state) ? ", \"state\":\"" : "", | ||
674 | (NULL != handle->oidc->state) ? handle->oidc->state : "", | ||
675 | (NULL != handle->oidc->state) ? "\"" : ""); | ||
676 | if (0 == handle->response_code) | ||
677 | handle->response_code = MHD_HTTP_BAD_REQUEST; | ||
678 | resp = GNUNET_REST_create_response (json_error); | ||
679 | if (MHD_HTTP_UNAUTHORIZED == handle->response_code) | ||
680 | GNUNET_assert (MHD_NO != | ||
681 | MHD_add_response_header (resp, | ||
682 | MHD_HTTP_HEADER_WWW_AUTHENTICATE, | ||
683 | "Basic")); | ||
684 | GNUNET_assert (MHD_NO != MHD_add_response_header (resp, | ||
685 | MHD_HTTP_HEADER_CONTENT_TYPE, | ||
686 | "application/json")); | ||
687 | handle->proc (handle->proc_cls, resp, handle->response_code); | ||
688 | cleanup_handle (handle); | ||
689 | GNUNET_free (json_error); | ||
690 | } | ||
691 | |||
692 | |||
693 | /** | ||
694 | * Task run on error in userinfo endpoint, sends error header. Cleans up | ||
695 | * everything | ||
696 | * | ||
697 | * @param cls the `struct RequestHandle` | ||
698 | */ | ||
699 | static void | ||
700 | do_userinfo_error (void *cls) | ||
701 | { | ||
702 | struct RequestHandle *handle = cls; | ||
703 | struct MHD_Response *resp; | ||
704 | char *error; | ||
705 | |||
706 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
707 | "Error: %s\n", handle->edesc); | ||
708 | GNUNET_asprintf (&error, | ||
709 | "error=\"%s\", error_description=\"%s\"", | ||
710 | handle->emsg, | ||
711 | (NULL != handle->edesc) ? handle->edesc : ""); | ||
712 | resp = GNUNET_REST_create_response (""); | ||
713 | GNUNET_assert (MHD_NO != | ||
714 | MHD_add_response_header (resp, | ||
715 | MHD_HTTP_HEADER_WWW_AUTHENTICATE, | ||
716 | "Bearer")); | ||
717 | handle->proc (handle->proc_cls, resp, handle->response_code); | ||
718 | cleanup_handle (handle); | ||
719 | GNUNET_free (error); | ||
720 | } | ||
721 | |||
722 | |||
723 | /** | ||
724 | * Task run on error, sends error message and redirects. Cleans up everything. | ||
725 | * | ||
726 | * @param cls the `struct RequestHandle` | ||
727 | */ | ||
728 | static void | ||
729 | do_redirect_error (void *cls) | ||
730 | { | ||
731 | struct RequestHandle *handle = cls; | ||
732 | struct MHD_Response *resp; | ||
733 | char *redirect; | ||
734 | |||
735 | GNUNET_asprintf (&redirect, | ||
736 | "%s?error=%s&error_description=%s%s%s", | ||
737 | handle->oidc->redirect_uri, | ||
738 | handle->emsg, | ||
739 | handle->edesc, | ||
740 | (NULL != handle->oidc->state) ? "&state=" : "", | ||
741 | (NULL != handle->oidc->state) ? handle->oidc->state : ""); | ||
742 | resp = GNUNET_REST_create_response (""); | ||
743 | GNUNET_assert (MHD_NO != MHD_add_response_header (resp, | ||
744 | "Location", redirect)); | ||
745 | handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); | ||
746 | cleanup_handle (handle); | ||
747 | GNUNET_free (redirect); | ||
748 | } | ||
749 | |||
750 | |||
751 | /** | ||
752 | * Task run on timeout, sends error message. Cleans up everything. | ||
753 | * | ||
754 | * @param cls the `struct RequestHandle` | ||
755 | */ | ||
756 | static void | ||
757 | do_timeout (void *cls) | ||
758 | { | ||
759 | struct RequestHandle *handle = cls; | ||
760 | |||
761 | handle->timeout_task = NULL; | ||
762 | do_error (handle); | ||
763 | } | ||
764 | |||
765 | |||
766 | /** | ||
767 | * Respond to OPTIONS request | ||
768 | * | ||
769 | * @param con_handle the connection handle | ||
770 | * @param url the url | ||
771 | * @param cls the RequestHandle | ||
772 | */ | ||
773 | static void | ||
774 | options_cont (struct GNUNET_REST_RequestHandle *con_handle, | ||
775 | const char *url, | ||
776 | void *cls) | ||
777 | { | ||
778 | struct MHD_Response *resp; | ||
779 | struct RequestHandle *handle = cls; | ||
780 | |||
781 | // For now, independent of path return all options | ||
782 | resp = GNUNET_REST_create_response (NULL); | ||
783 | MHD_add_response_header (resp, "Access-Control-Allow-Methods", allow_methods); | ||
784 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); | ||
785 | cleanup_handle (handle); | ||
786 | return; | ||
787 | } | ||
788 | |||
789 | |||
790 | /** | ||
791 | * Interprets cookie header and pass its identity keystring to handle | ||
792 | */ | ||
793 | static void | ||
794 | cookie_identity_interpretation (struct RequestHandle *handle) | ||
795 | { | ||
796 | struct GNUNET_HashCode cache_key; | ||
797 | char *cookies; | ||
798 | struct GNUNET_TIME_Absolute current_time, *relog_time; | ||
799 | char delimiter[] = "; "; | ||
800 | char *tmp_cookies; | ||
801 | char *token; | ||
802 | char *value; | ||
803 | |||
804 | // gets identity of login try with cookie | ||
805 | GNUNET_CRYPTO_hash (OIDC_COOKIE_HEADER_KEY, | ||
806 | strlen (OIDC_COOKIE_HEADER_KEY), | ||
807 | &cache_key); | ||
808 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle | ||
809 | ->header_param_map, | ||
810 | &cache_key)) | ||
811 | { | ||
812 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "No cookie found\n"); | ||
813 | return; | ||
814 | } | ||
815 | // splits cookies and find 'Identity' cookie | ||
816 | tmp_cookies = | ||
817 | GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->header_param_map, | ||
818 | &cache_key); | ||
819 | cookies = GNUNET_strdup (tmp_cookies); | ||
820 | token = strtok (cookies, delimiter); | ||
821 | handle->oidc->user_cancelled = GNUNET_NO; | ||
822 | handle->oidc->login_identity = NULL; | ||
823 | if (NULL == token) | ||
824 | { | ||
825 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
826 | "Unable to parse cookie: %s\n", | ||
827 | cookies); | ||
828 | GNUNET_free (cookies); | ||
829 | return; | ||
830 | } | ||
831 | |||
832 | while (NULL != token) | ||
833 | { | ||
834 | if (0 == strcmp (token, OIDC_COOKIE_HEADER_ACCESS_DENIED)) | ||
835 | { | ||
836 | handle->oidc->user_cancelled = GNUNET_YES; | ||
837 | GNUNET_free (cookies); | ||
838 | return; | ||
839 | } | ||
840 | if (NULL != strstr (token, OIDC_COOKIE_HEADER_INFORMATION_KEY)) | ||
841 | break; | ||
842 | token = strtok (NULL, delimiter); | ||
843 | } | ||
844 | if (NULL == token) | ||
845 | { | ||
846 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
847 | "No cookie value to process: %s\n", | ||
848 | cookies); | ||
849 | GNUNET_free (cookies); | ||
850 | return; | ||
851 | } | ||
852 | GNUNET_CRYPTO_hash (token, strlen (token), &cache_key); | ||
853 | if (GNUNET_NO == | ||
854 | GNUNET_CONTAINER_multihashmap_contains (OIDC_cookie_jar_map, &cache_key)) | ||
855 | { | ||
856 | GNUNET_log ( | ||
857 | GNUNET_ERROR_TYPE_WARNING, | ||
858 | "Found cookie `%s', but no corresponding expiration entry present...\n", | ||
859 | token); | ||
860 | GNUNET_free (cookies); | ||
861 | return; | ||
862 | } | ||
863 | relog_time = | ||
864 | GNUNET_CONTAINER_multihashmap_get (OIDC_cookie_jar_map, &cache_key); | ||
865 | current_time = GNUNET_TIME_absolute_get (); | ||
866 | // 30 min after old login -> redirect to login | ||
867 | if (current_time.abs_value_us > relog_time->abs_value_us) | ||
868 | { | ||
869 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
870 | "Found cookie `%s', but it is expired.\n", | ||
871 | token); | ||
872 | GNUNET_free (cookies); | ||
873 | return; | ||
874 | } | ||
875 | value = strtok (token, OIDC_COOKIE_HEADER_INFORMATION_KEY); | ||
876 | GNUNET_assert (NULL != value); | ||
877 | handle->oidc->login_identity = GNUNET_strdup (value); | ||
878 | GNUNET_free (cookies); | ||
879 | } | ||
880 | |||
881 | |||
882 | /** | ||
883 | * @brief Read the the JSON Web Key in the given file and return it. | ||
884 | * Return NULL and emit warning if JSON can not be decoded or the key is | ||
885 | * invalid | ||
886 | * | ||
887 | * @param filename the file to read the JWK from | ||
888 | * @return json_t* the reed JWK | ||
889 | */ | ||
890 | json_t * | ||
891 | read_jwk_from_file (const char *filename) | ||
892 | { | ||
893 | json_t *jwk; | ||
894 | json_error_t error; | ||
895 | |||
896 | jwk = json_load_file (filename, JSON_DECODE_ANY, &error); | ||
897 | |||
898 | if (! jwk) | ||
899 | { | ||
900 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
901 | ("Could not read OIDC RSA key from config file; %s\n"), | ||
902 | error.text); | ||
903 | } | ||
904 | |||
905 | return jwk; | ||
906 | } | ||
907 | |||
908 | /** | ||
909 | * @brief Write the JWK to file. If unsuccessful emit warning | ||
910 | * | ||
911 | * @param filename the name of the file the JWK is writen to | ||
912 | * @param jwk the JWK that is going to be written | ||
913 | * @return int Return GNUNET_OK if write is sucessfull | ||
914 | */ | ||
915 | static int | ||
916 | write_jwk_to_file (const char *filename, | ||
917 | json_t *jwk) | ||
918 | { | ||
919 | if (json_dump_file (jwk, filename, JSON_INDENT (2))) | ||
920 | { | ||
921 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
922 | ("Could not write OIDC RSA key to file %s\n"), | ||
923 | filename); | ||
924 | return GNUNET_ERROR_TYPE_WARNING; | ||
925 | } | ||
926 | else | ||
927 | return GNUNET_OK; | ||
928 | } | ||
929 | |||
930 | /** | ||
931 | * @brief Generate a new RSA JSON Web Key | ||
932 | * | ||
933 | * @return json_t* the generated JWK | ||
934 | */ | ||
935 | json_t * | ||
936 | generate_jwk () | ||
937 | { | ||
938 | json_t *jwk; | ||
939 | jwk = json_pack ("{s:s,s:i}", "kty", "RSA", "bits", 2048); | ||
940 | jose_jwk_gen (NULL, jwk); | ||
941 | json_incref (jwk); | ||
942 | return jwk; | ||
943 | } | ||
944 | |||
945 | /** | ||
946 | * Return the path to the oidc directory path | ||
947 | * | ||
948 | * @param cls the RequestHandle | ||
949 | */ | ||
950 | char * | ||
951 | get_oidc_dir_path (void *cls) | ||
952 | { | ||
953 | char *oidc_directory; | ||
954 | struct RequestHandle *handle = cls; | ||
955 | |||
956 | // Read OIDC directory from config | ||
957 | if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_filename (cfg, | ||
958 | "reclaim-rest-plugin", | ||
959 | "oidc_dir", | ||
960 | &oidc_directory)) | ||
961 | { | ||
962 | // Could not read Config file | ||
963 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); | ||
964 | handle->edesc = GNUNET_strdup ("gnunet configuration failed"); | ||
965 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | ||
966 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
967 | return NULL; | ||
968 | } | ||
969 | |||
970 | return oidc_directory; | ||
971 | } | ||
972 | |||
973 | /** | ||
974 | * Return the path to the RSA JWK key file | ||
975 | * | ||
976 | * @param cls the RequestHandle | ||
977 | */ | ||
978 | char * | ||
979 | get_oidc_jwk_path (void *cls) | ||
980 | { | ||
981 | char *oidc_directory; | ||
982 | char *oidc_jwk_path; | ||
983 | |||
984 | oidc_directory = get_oidc_dir_path (cls); | ||
985 | |||
986 | // Create path to file | ||
987 | GNUNET_asprintf (&oidc_jwk_path, "%s/%s", oidc_directory, | ||
988 | OIDC_JWK_RSA_FILENAME); | ||
989 | |||
990 | return oidc_jwk_path; | ||
991 | } | ||
992 | |||
993 | |||
994 | /** | ||
995 | * Redirects to login page stored in configuration file | ||
996 | */ | ||
997 | static void | ||
998 | login_redirect (void *cls) | ||
999 | { | ||
1000 | char *login_base_url; | ||
1001 | char *new_redirect; | ||
1002 | char *tmp; | ||
1003 | struct MHD_Response *resp; | ||
1004 | struct GNUNET_Buffer buf = { 0 }; | ||
1005 | struct RequestHandle *handle = cls; | ||
1006 | |||
1007 | if (GNUNET_OK == GNUNET_CONFIGURATION_get_value_string (cfg, | ||
1008 | "reclaim-rest-plugin", | ||
1009 | "address", | ||
1010 | &login_base_url)) | ||
1011 | { | ||
1012 | GNUNET_buffer_write_str (&buf, login_base_url); | ||
1013 | GNUNET_buffer_write_fstr (&buf, | ||
1014 | "?%s=%s", | ||
1015 | OIDC_RESPONSE_TYPE_KEY, | ||
1016 | handle->oidc->response_type); | ||
1017 | GNUNET_buffer_write_fstr (&buf, | ||
1018 | "&%s=%s", | ||
1019 | OIDC_CLIENT_ID_KEY, | ||
1020 | handle->oidc->client_id); | ||
1021 | GNUNET_STRINGS_urlencode (handle->oidc->redirect_uri, | ||
1022 | strlen (handle->oidc->redirect_uri), | ||
1023 | &tmp); | ||
1024 | GNUNET_buffer_write_fstr (&buf, | ||
1025 | "&%s=%s", | ||
1026 | OIDC_REDIRECT_URI_KEY, | ||
1027 | tmp); | ||
1028 | GNUNET_free (tmp); | ||
1029 | GNUNET_STRINGS_urlencode (handle->oidc->scope, | ||
1030 | strlen (handle->oidc->scope), | ||
1031 | &tmp); | ||
1032 | GNUNET_buffer_write_fstr (&buf, | ||
1033 | "&%s=%s", | ||
1034 | OIDC_SCOPE_KEY, | ||
1035 | tmp); | ||
1036 | GNUNET_free (tmp); | ||
1037 | if (NULL != handle->oidc->state) | ||
1038 | { | ||
1039 | GNUNET_STRINGS_urlencode (handle->oidc->state, | ||
1040 | strlen (handle->oidc->state), | ||
1041 | &tmp); | ||
1042 | GNUNET_buffer_write_fstr (&buf, | ||
1043 | "&%s=%s", | ||
1044 | OIDC_STATE_KEY, | ||
1045 | handle->oidc->state); | ||
1046 | GNUNET_free (tmp); | ||
1047 | } | ||
1048 | if (NULL != handle->oidc->code_challenge) | ||
1049 | { | ||
1050 | GNUNET_buffer_write_fstr (&buf, | ||
1051 | "&%s=%s", | ||
1052 | OIDC_CODE_CHALLENGE_KEY, | ||
1053 | handle->oidc->code_challenge); | ||
1054 | } | ||
1055 | if (NULL != handle->oidc->nonce) | ||
1056 | { | ||
1057 | GNUNET_buffer_write_fstr (&buf, | ||
1058 | "&%s=%s", | ||
1059 | OIDC_NONCE_KEY, | ||
1060 | handle->oidc->nonce); | ||
1061 | } | ||
1062 | if (NULL != handle->oidc->claims) | ||
1063 | { | ||
1064 | GNUNET_STRINGS_urlencode (handle->oidc->claims, | ||
1065 | strlen (handle->oidc->claims), | ||
1066 | &tmp); | ||
1067 | GNUNET_buffer_write_fstr (&buf, | ||
1068 | "&%s=%s", | ||
1069 | OIDC_CLAIMS_KEY, | ||
1070 | tmp); | ||
1071 | GNUNET_free (tmp); | ||
1072 | } | ||
1073 | new_redirect = GNUNET_buffer_reap_str (&buf); | ||
1074 | resp = GNUNET_REST_create_response (""); | ||
1075 | MHD_add_response_header (resp, "Location", new_redirect); | ||
1076 | GNUNET_free (login_base_url); | ||
1077 | } | ||
1078 | else | ||
1079 | { | ||
1080 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); | ||
1081 | handle->edesc = GNUNET_strdup ("gnunet configuration failed"); | ||
1082 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | ||
1083 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
1084 | return; | ||
1085 | } | ||
1086 | handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); | ||
1087 | GNUNET_free (new_redirect); | ||
1088 | cleanup_handle (handle); | ||
1089 | } | ||
1090 | |||
1091 | |||
1092 | /** | ||
1093 | * Does internal server error when iteration failed. | ||
1094 | */ | ||
1095 | static void | ||
1096 | oidc_iteration_error (void *cls) | ||
1097 | { | ||
1098 | struct RequestHandle *handle = cls; | ||
1099 | |||
1100 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); | ||
1101 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | ||
1102 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
1103 | } | ||
1104 | |||
1105 | |||
1106 | /** | ||
1107 | * Issues ticket and redirects to relying party with the authorization code as | ||
1108 | * parameter. Otherwise redirects with error | ||
1109 | */ | ||
1110 | static void | ||
1111 | oidc_ticket_issue_cb (void *cls, | ||
1112 | const struct GNUNET_RECLAIM_Ticket *ticket, | ||
1113 | const struct | ||
1114 | GNUNET_RECLAIM_PresentationList *presentation) | ||
1115 | { | ||
1116 | struct RequestHandle *handle = cls; | ||
1117 | struct MHD_Response *resp; | ||
1118 | char *ticket_str; | ||
1119 | char *redirect_uri; | ||
1120 | char *code_string; | ||
1121 | |||
1122 | handle->idp_op = NULL; | ||
1123 | if (NULL == ticket) | ||
1124 | { | ||
1125 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); | ||
1126 | handle->edesc = GNUNET_strdup ("Server cannot generate ticket."); | ||
1127 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | ||
1128 | return; | ||
1129 | } | ||
1130 | handle->ticket = *ticket; | ||
1131 | ticket_str = | ||
1132 | GNUNET_STRINGS_data_to_string_alloc (&handle->ticket, | ||
1133 | sizeof(struct GNUNET_RECLAIM_Ticket)); | ||
1134 | code_string = OIDC_build_authz_code (&handle->priv_key, | ||
1135 | &handle->ticket, | ||
1136 | handle->attr_idtoken_list, | ||
1137 | presentation, | ||
1138 | handle->oidc->nonce, | ||
1139 | handle->oidc->code_challenge); | ||
1140 | if ((NULL != handle->redirect_prefix) && (NULL != handle->redirect_suffix) && | ||
1141 | (NULL != handle->tld)) | ||
1142 | { | ||
1143 | GNUNET_asprintf (&redirect_uri, | ||
1144 | "%s.%s/%s%s%s=%s&state=%s", | ||
1145 | handle->redirect_prefix, | ||
1146 | handle->tld, | ||
1147 | handle->redirect_suffix, | ||
1148 | (NULL == strchr (handle->redirect_suffix, '?') ? "?" : | ||
1149 | "&"), | ||
1150 | handle->oidc->response_type, | ||
1151 | code_string, | ||
1152 | handle->oidc->state); | ||
1153 | } | ||
1154 | else | ||
1155 | { | ||
1156 | GNUNET_asprintf (&redirect_uri, | ||
1157 | "%s%s%s=%s&state=%s", | ||
1158 | handle->oidc->redirect_uri, | ||
1159 | (NULL == strchr (handle->oidc->redirect_uri, '?') ? "?" : | ||
1160 | "&"), | ||
1161 | handle->oidc->response_type, | ||
1162 | code_string, | ||
1163 | handle->oidc->state); | ||
1164 | } | ||
1165 | resp = GNUNET_REST_create_response (""); | ||
1166 | GNUNET_assert (MHD_NO != MHD_add_response_header (resp, | ||
1167 | "Location", redirect_uri)); | ||
1168 | handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); | ||
1169 | cleanup_handle (handle); | ||
1170 | GNUNET_free (redirect_uri); | ||
1171 | GNUNET_free (ticket_str); | ||
1172 | GNUNET_free (code_string); | ||
1173 | } | ||
1174 | |||
1175 | |||
1176 | static struct GNUNET_RECLAIM_AttributeList* | ||
1177 | attribute_list_merge (struct GNUNET_RECLAIM_AttributeList *list_a, | ||
1178 | struct GNUNET_RECLAIM_AttributeList *list_b) | ||
1179 | { | ||
1180 | struct GNUNET_RECLAIM_AttributeList *merged_list; | ||
1181 | struct GNUNET_RECLAIM_AttributeListEntry *le_a; | ||
1182 | struct GNUNET_RECLAIM_AttributeListEntry *le_b; | ||
1183 | struct GNUNET_RECLAIM_AttributeListEntry *le_m; | ||
1184 | |||
1185 | merged_list = GNUNET_new (struct GNUNET_RECLAIM_AttributeList); | ||
1186 | for (le_a = list_a->list_head; NULL != le_a; le_a = le_a->next) | ||
1187 | { | ||
1188 | le_m = GNUNET_new (struct GNUNET_RECLAIM_AttributeListEntry); | ||
1189 | le_m->attribute = GNUNET_RECLAIM_attribute_new (le_a->attribute->name, | ||
1190 | &le_a->attribute-> | ||
1191 | credential, | ||
1192 | le_a->attribute->type, | ||
1193 | le_a->attribute->data, | ||
1194 | le_a->attribute->data_size); | ||
1195 | le_m->attribute->id = le_a->attribute->id; | ||
1196 | le_m->attribute->flag = le_a->attribute->flag; | ||
1197 | le_m->attribute->credential = le_a->attribute->credential; | ||
1198 | GNUNET_CONTAINER_DLL_insert (merged_list->list_head, | ||
1199 | merged_list->list_tail, | ||
1200 | le_m); | ||
1201 | } | ||
1202 | le_m = NULL; | ||
1203 | for (le_b = list_b->list_head; NULL != le_b; le_b = le_b->next) | ||
1204 | { | ||
1205 | for (le_m = merged_list->list_head; NULL != le_m; le_m = le_m->next) | ||
1206 | { | ||
1207 | if (GNUNET_YES == GNUNET_RECLAIM_id_is_equal (&le_m->attribute->id, | ||
1208 | &le_b->attribute->id)) | ||
1209 | break; /** Attribute already in list **/ | ||
1210 | } | ||
1211 | if (NULL != le_m) | ||
1212 | continue; /** Attribute already in list **/ | ||
1213 | le_m = GNUNET_new (struct GNUNET_RECLAIM_AttributeListEntry); | ||
1214 | le_m->attribute = GNUNET_RECLAIM_attribute_new (le_b->attribute->name, | ||
1215 | &le_b->attribute-> | ||
1216 | credential, | ||
1217 | le_b->attribute->type, | ||
1218 | le_b->attribute->data, | ||
1219 | le_b->attribute->data_size); | ||
1220 | le_m->attribute->id = le_b->attribute->id; | ||
1221 | le_m->attribute->flag = le_b->attribute->flag; | ||
1222 | le_m->attribute->credential = le_b->attribute->credential; | ||
1223 | GNUNET_CONTAINER_DLL_insert (merged_list->list_head, | ||
1224 | merged_list->list_tail, | ||
1225 | le_m); | ||
1226 | } | ||
1227 | return merged_list; | ||
1228 | } | ||
1229 | |||
1230 | |||
1231 | static void | ||
1232 | oidc_cred_collect_finished_cb (void *cls) | ||
1233 | { | ||
1234 | struct RequestHandle *handle = cls; | ||
1235 | struct GNUNET_RECLAIM_AttributeList *merged_list; | ||
1236 | struct GNUNET_RECLAIM_AttributeListEntry *le_m; | ||
1237 | |||
1238 | handle->cred_it = NULL; | ||
1239 | merged_list = attribute_list_merge (handle->attr_idtoken_list, | ||
1240 | handle->attr_userinfo_list); | ||
1241 | for (le_m = merged_list->list_head; NULL != le_m; le_m = le_m->next) | ||
1242 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1243 | "List Attribute in ticket to issue: %s\n", | ||
1244 | le_m->attribute->name); | ||
1245 | handle->idp_op = GNUNET_RECLAIM_ticket_issue (idp, | ||
1246 | &handle->priv_key, | ||
1247 | &handle->oidc->client_pkey, | ||
1248 | merged_list, | ||
1249 | &oidc_ticket_issue_cb, | ||
1250 | handle); | ||
1251 | GNUNET_RECLAIM_attribute_list_destroy (merged_list); | ||
1252 | } | ||
1253 | |||
1254 | |||
1255 | /** | ||
1256 | * Collects all attributes for an ego if in scope parameter | ||
1257 | */ | ||
1258 | static void | ||
1259 | oidc_cred_collect (void *cls, | ||
1260 | const struct GNUNET_CRYPTO_PublicKey *identity, | ||
1261 | const struct GNUNET_RECLAIM_Credential *cred) | ||
1262 | { | ||
1263 | struct RequestHandle *handle = cls; | ||
1264 | struct GNUNET_RECLAIM_AttributeListEntry *le; | ||
1265 | struct GNUNET_RECLAIM_CredentialListEntry *ale; | ||
1266 | |||
1267 | for (ale = handle->credentials->list_head; NULL != ale; ale = ale->next) | ||
1268 | { | ||
1269 | if (GNUNET_NO == GNUNET_RECLAIM_id_is_equal (&ale->credential->id, | ||
1270 | &cred->id)) | ||
1271 | continue; | ||
1272 | /** Credential already in list **/ | ||
1273 | GNUNET_RECLAIM_get_credentials_next (handle->cred_it); | ||
1274 | return; | ||
1275 | } | ||
1276 | |||
1277 | for (le = handle->attr_idtoken_list->list_head; NULL != le; le = le->next) | ||
1278 | { | ||
1279 | if (GNUNET_NO == GNUNET_RECLAIM_id_is_equal (&le->attribute->credential, | ||
1280 | &cred->id)) | ||
1281 | continue; | ||
1282 | /** Credential matches for attribute, add **/ | ||
1283 | ale = GNUNET_new (struct GNUNET_RECLAIM_CredentialListEntry); | ||
1284 | ale->credential = GNUNET_RECLAIM_credential_new (cred->name, | ||
1285 | cred->type, | ||
1286 | cred->data, | ||
1287 | cred->data_size); | ||
1288 | GNUNET_CONTAINER_DLL_insert (handle->credentials->list_head, | ||
1289 | handle->credentials->list_tail, | ||
1290 | ale); | ||
1291 | } | ||
1292 | GNUNET_RECLAIM_get_credentials_next (handle->cred_it); | ||
1293 | } | ||
1294 | |||
1295 | |||
1296 | static void | ||
1297 | oidc_attr_collect_finished_cb (void *cls) | ||
1298 | { | ||
1299 | struct RequestHandle *handle = cls; | ||
1300 | |||
1301 | handle->attr_it = NULL; | ||
1302 | handle->ticket_it = NULL; | ||
1303 | if (NULL == handle->attr_idtoken_list->list_head) | ||
1304 | { | ||
1305 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_SCOPE); | ||
1306 | handle->edesc = GNUNET_strdup ("The requested scope is not available."); | ||
1307 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | ||
1308 | return; | ||
1309 | } | ||
1310 | handle->credentials = GNUNET_new (struct GNUNET_RECLAIM_CredentialList); | ||
1311 | handle->cred_it = | ||
1312 | GNUNET_RECLAIM_get_credentials_start (idp, | ||
1313 | &handle->priv_key, | ||
1314 | &oidc_iteration_error, | ||
1315 | handle, | ||
1316 | &oidc_cred_collect, | ||
1317 | handle, | ||
1318 | &oidc_cred_collect_finished_cb, | ||
1319 | handle); | ||
1320 | |||
1321 | } | ||
1322 | |||
1323 | |||
1324 | static int | ||
1325 | attr_in_claims_request (struct RequestHandle *handle, | ||
1326 | const char *attr_name, | ||
1327 | const char *claims_parameter) | ||
1328 | { | ||
1329 | int ret = GNUNET_NO; | ||
1330 | json_t *root; | ||
1331 | json_error_t error; | ||
1332 | json_t *claims_j; | ||
1333 | const char *key; | ||
1334 | json_t *value; | ||
1335 | |||
1336 | /** Check if attribute is requested through a scope **/ | ||
1337 | if (GNUNET_YES == OIDC_check_scopes_for_claim_request (handle->oidc->scope, | ||
1338 | attr_name)) | ||
1339 | return GNUNET_YES; | ||
1340 | |||
1341 | /** Try claims parameter if not in scope */ | ||
1342 | if (NULL != handle->oidc->claims) | ||
1343 | { | ||
1344 | root = json_loads (handle->oidc->claims, JSON_DECODE_ANY, &error); | ||
1345 | claims_j = json_object_get (root, claims_parameter); | ||
1346 | /* obj is a JSON object */ | ||
1347 | if (NULL != claims_j) | ||
1348 | { | ||
1349 | json_object_foreach (claims_j, key, value) { | ||
1350 | if (0 != strcmp (attr_name, key)) | ||
1351 | continue; | ||
1352 | ret = GNUNET_YES; | ||
1353 | break; | ||
1354 | } | ||
1355 | } | ||
1356 | json_decref (root); | ||
1357 | } | ||
1358 | return ret; | ||
1359 | } | ||
1360 | |||
1361 | |||
1362 | static int | ||
1363 | attr_in_idtoken_request (struct RequestHandle *handle, | ||
1364 | const char *attr_name) | ||
1365 | { | ||
1366 | return attr_in_claims_request (handle, attr_name, "id_token"); | ||
1367 | } | ||
1368 | |||
1369 | |||
1370 | static int | ||
1371 | attr_in_userinfo_request (struct RequestHandle *handle, | ||
1372 | const char *attr_name) | ||
1373 | { | ||
1374 | return attr_in_claims_request (handle, attr_name, "userinfo"); | ||
1375 | } | ||
1376 | |||
1377 | |||
1378 | /** | ||
1379 | * Collects all attributes for an ego if in scope parameter | ||
1380 | */ | ||
1381 | static void | ||
1382 | oidc_attr_collect (void *cls, | ||
1383 | const struct GNUNET_CRYPTO_PublicKey *identity, | ||
1384 | const struct GNUNET_RECLAIM_Attribute *attr) | ||
1385 | { | ||
1386 | struct RequestHandle *handle = cls; | ||
1387 | struct GNUNET_RECLAIM_AttributeListEntry *le; | ||
1388 | if (GNUNET_YES == attr_in_idtoken_request (handle, attr->name)) | ||
1389 | { | ||
1390 | le = GNUNET_new (struct GNUNET_RECLAIM_AttributeListEntry); | ||
1391 | le->attribute = GNUNET_RECLAIM_attribute_new (attr->name, | ||
1392 | &attr->credential, | ||
1393 | attr->type, | ||
1394 | attr->data, | ||
1395 | attr->data_size); | ||
1396 | le->attribute->id = attr->id; | ||
1397 | le->attribute->flag = attr->flag; | ||
1398 | le->attribute->credential = attr->credential; | ||
1399 | GNUNET_CONTAINER_DLL_insert (handle->attr_idtoken_list->list_head, | ||
1400 | handle->attr_idtoken_list->list_tail, | ||
1401 | le); | ||
1402 | } | ||
1403 | if (GNUNET_YES == attr_in_userinfo_request (handle, attr->name)) | ||
1404 | { | ||
1405 | le = GNUNET_new (struct GNUNET_RECLAIM_AttributeListEntry); | ||
1406 | le->attribute = GNUNET_RECLAIM_attribute_new (attr->name, | ||
1407 | &attr->credential, | ||
1408 | attr->type, | ||
1409 | attr->data, | ||
1410 | attr->data_size); | ||
1411 | le->attribute->id = attr->id; | ||
1412 | le->attribute->flag = attr->flag; | ||
1413 | le->attribute->credential = attr->credential; | ||
1414 | GNUNET_CONTAINER_DLL_insert (handle->attr_userinfo_list->list_head, | ||
1415 | handle->attr_userinfo_list->list_tail, | ||
1416 | le); | ||
1417 | } | ||
1418 | |||
1419 | GNUNET_RECLAIM_get_attributes_next (handle->attr_it); | ||
1420 | } | ||
1421 | |||
1422 | |||
1423 | /** | ||
1424 | * Checks time and cookie and redirects accordingly | ||
1425 | */ | ||
1426 | static void | ||
1427 | code_redirect (void *cls) | ||
1428 | { | ||
1429 | struct RequestHandle *handle = cls; | ||
1430 | struct GNUNET_TIME_Absolute current_time; | ||
1431 | struct GNUNET_TIME_Absolute *relog_time; | ||
1432 | struct GNUNET_CRYPTO_PublicKey pubkey; | ||
1433 | struct GNUNET_CRYPTO_PublicKey ego_pkey; | ||
1434 | struct GNUNET_HashCode cache_key; | ||
1435 | char *identity_cookie; | ||
1436 | |||
1437 | GNUNET_asprintf (&identity_cookie, | ||
1438 | "Identity=%s", | ||
1439 | handle->oidc->login_identity); | ||
1440 | GNUNET_CRYPTO_hash (identity_cookie, strlen (identity_cookie), &cache_key); | ||
1441 | GNUNET_free (identity_cookie); | ||
1442 | // No login time for identity -> redirect to login | ||
1443 | if (GNUNET_YES == | ||
1444 | GNUNET_CONTAINER_multihashmap_contains (OIDC_cookie_jar_map, &cache_key)) | ||
1445 | { | ||
1446 | relog_time = | ||
1447 | GNUNET_CONTAINER_multihashmap_get (OIDC_cookie_jar_map, &cache_key); | ||
1448 | current_time = GNUNET_TIME_absolute_get (); | ||
1449 | // 30 min after old login -> redirect to login | ||
1450 | if (current_time.abs_value_us <= relog_time->abs_value_us) | ||
1451 | { | ||
1452 | if (GNUNET_OK != | ||
1453 | GNUNET_CRYPTO_public_key_from_string (handle->oidc | ||
1454 | ->login_identity, | ||
1455 | &pubkey)) | ||
1456 | { | ||
1457 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_COOKIE); | ||
1458 | handle->edesc = | ||
1459 | GNUNET_strdup ("The cookie of a login identity is not valid"); | ||
1460 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | ||
1461 | return; | ||
1462 | } | ||
1463 | // iterate over egos and compare their public key | ||
1464 | for (handle->ego_entry = ego_head; NULL != handle->ego_entry; | ||
1465 | handle->ego_entry = handle->ego_entry->next) | ||
1466 | { | ||
1467 | GNUNET_IDENTITY_ego_get_public_key (handle->ego_entry->ego, &ego_pkey); | ||
1468 | if (0 == GNUNET_memcmp (&ego_pkey, &pubkey)) | ||
1469 | { | ||
1470 | handle->priv_key = | ||
1471 | *GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego); | ||
1472 | handle->attr_idtoken_list = | ||
1473 | GNUNET_new (struct GNUNET_RECLAIM_AttributeList); | ||
1474 | handle->attr_userinfo_list = | ||
1475 | GNUNET_new (struct GNUNET_RECLAIM_AttributeList); | ||
1476 | handle->attr_it = | ||
1477 | GNUNET_RECLAIM_get_attributes_start (idp, | ||
1478 | &handle->priv_key, | ||
1479 | &oidc_iteration_error, | ||
1480 | handle, | ||
1481 | &oidc_attr_collect, | ||
1482 | handle, | ||
1483 | &oidc_attr_collect_finished_cb, | ||
1484 | handle); | ||
1485 | return; | ||
1486 | } | ||
1487 | } | ||
1488 | GNUNET_SCHEDULER_add_now (&login_redirect, handle); | ||
1489 | return; | ||
1490 | } | ||
1491 | } | ||
1492 | } | ||
1493 | |||
1494 | |||
1495 | static void | ||
1496 | build_redirect (void *cls) | ||
1497 | { | ||
1498 | struct RequestHandle *handle = cls; | ||
1499 | struct MHD_Response *resp; | ||
1500 | char *redirect_uri; | ||
1501 | |||
1502 | if (GNUNET_YES == handle->oidc->user_cancelled) | ||
1503 | { | ||
1504 | if ((NULL != handle->redirect_prefix) && | ||
1505 | (NULL != handle->redirect_suffix) && (NULL != handle->tld)) | ||
1506 | { | ||
1507 | GNUNET_asprintf (&redirect_uri, | ||
1508 | "%s.%s/%s?error=%s&error_description=%s&state=%s", | ||
1509 | handle->redirect_prefix, | ||
1510 | handle->tld, | ||
1511 | handle->redirect_suffix, | ||
1512 | "access_denied", | ||
1513 | "User denied access", | ||
1514 | handle->oidc->state); | ||
1515 | } | ||
1516 | else | ||
1517 | { | ||
1518 | GNUNET_asprintf (&redirect_uri, | ||
1519 | "%s?error=%s&error_description=%s&state=%s", | ||
1520 | handle->oidc->redirect_uri, | ||
1521 | "access_denied", | ||
1522 | "User denied access", | ||
1523 | handle->oidc->state); | ||
1524 | } | ||
1525 | resp = GNUNET_REST_create_response (""); | ||
1526 | GNUNET_assert (MHD_NO != MHD_add_response_header (resp, | ||
1527 | "Location", | ||
1528 | redirect_uri)); | ||
1529 | handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); | ||
1530 | cleanup_handle (handle); | ||
1531 | GNUNET_free (redirect_uri); | ||
1532 | return; | ||
1533 | } | ||
1534 | GNUNET_SCHEDULER_add_now (&code_redirect, handle); | ||
1535 | } | ||
1536 | |||
1537 | |||
1538 | static void | ||
1539 | lookup_redirect_uri_result (void *cls, | ||
1540 | uint32_t rd_count, | ||
1541 | const struct GNUNET_GNSRECORD_Data *rd) | ||
1542 | { | ||
1543 | struct RequestHandle *handle = cls; | ||
1544 | char *tmp; | ||
1545 | char *tmp_key_str; | ||
1546 | char *pos; | ||
1547 | struct GNUNET_CRYPTO_PublicKey redirect_zone; | ||
1548 | |||
1549 | handle->gns_op = NULL; | ||
1550 | if (0 == rd_count) | ||
1551 | { | ||
1552 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); | ||
1553 | handle->edesc = | ||
1554 | GNUNET_strdup ("Server cannot generate ticket, redirect uri not found."); | ||
1555 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | ||
1556 | return; | ||
1557 | } | ||
1558 | for (int i = 0; i < rd_count; i++) | ||
1559 | { | ||
1560 | if (GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT != rd[i].record_type) | ||
1561 | continue; | ||
1562 | if (0 != strncmp (rd[i].data, handle->oidc->redirect_uri, rd[i].data_size)) | ||
1563 | continue; | ||
1564 | tmp = GNUNET_strndup (rd[i].data, rd[i].data_size); | ||
1565 | if (NULL == strstr (tmp, handle->oidc->client_id)) | ||
1566 | { | ||
1567 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1568 | "Redirect uri %s does not contain client_id %s\n", | ||
1569 | tmp, | ||
1570 | handle->oidc->client_id); | ||
1571 | } | ||
1572 | else | ||
1573 | { | ||
1574 | pos = strrchr (tmp, (unsigned char) '.'); | ||
1575 | if (NULL == pos) | ||
1576 | { | ||
1577 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
1578 | "Redirect uri %s contains client_id but is malformed\n", | ||
1579 | tmp); | ||
1580 | GNUNET_free (tmp); | ||
1581 | continue; | ||
1582 | } | ||
1583 | *pos = '\0'; | ||
1584 | handle->redirect_prefix = GNUNET_strdup (tmp); | ||
1585 | tmp_key_str = pos + 1; | ||
1586 | pos = strchr (tmp_key_str, (unsigned char) '/'); | ||
1587 | if (NULL == pos) | ||
1588 | { | ||
1589 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
1590 | "Redirect uri %s contains client_id but is malformed\n", | ||
1591 | tmp); | ||
1592 | GNUNET_free (tmp); | ||
1593 | continue; | ||
1594 | } | ||
1595 | *pos = '\0'; | ||
1596 | handle->redirect_suffix = GNUNET_strdup (pos + 1); | ||
1597 | |||
1598 | GNUNET_STRINGS_string_to_data (tmp_key_str, | ||
1599 | strlen (tmp_key_str), | ||
1600 | &redirect_zone, | ||
1601 | sizeof(redirect_zone)); | ||
1602 | } | ||
1603 | GNUNET_SCHEDULER_add_now (&build_redirect, handle); | ||
1604 | GNUNET_free (tmp); | ||
1605 | return; | ||
1606 | } | ||
1607 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); | ||
1608 | handle->edesc = | ||
1609 | GNUNET_strdup ("Server cannot generate ticket, redirect uri not found."); | ||
1610 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | ||
1611 | } | ||
1612 | |||
1613 | |||
1614 | /** | ||
1615 | * Initiate redirect back to client. | ||
1616 | */ | ||
1617 | static void | ||
1618 | client_redirect (void *cls) | ||
1619 | { | ||
1620 | struct RequestHandle *handle = cls; | ||
1621 | |||
1622 | /* Lookup client redirect uri to verify request */ | ||
1623 | handle->gns_op = | ||
1624 | GNUNET_GNS_lookup (gns_handle, | ||
1625 | GNUNET_GNS_EMPTY_LABEL_AT, | ||
1626 | &handle->oidc->client_pkey, | ||
1627 | GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT, | ||
1628 | GNUNET_GNS_LO_DEFAULT, | ||
1629 | &lookup_redirect_uri_result, | ||
1630 | handle); | ||
1631 | } | ||
1632 | |||
1633 | |||
1634 | static char * | ||
1635 | get_url_parameter_copy (const struct RequestHandle *handle, const char *key) | ||
1636 | { | ||
1637 | struct GNUNET_HashCode hc; | ||
1638 | char *value; | ||
1639 | char *res; | ||
1640 | |||
1641 | GNUNET_CRYPTO_hash (key, strlen (key), &hc); | ||
1642 | if (GNUNET_YES != GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle | ||
1643 | ->url_param_map, | ||
1644 | &hc)) | ||
1645 | return NULL; | ||
1646 | value = | ||
1647 | GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map, &hc); | ||
1648 | if (NULL == value) | ||
1649 | return NULL; | ||
1650 | GNUNET_STRINGS_urldecode (value, strlen (value), &res); | ||
1651 | return res; | ||
1652 | } | ||
1653 | |||
1654 | |||
1655 | /** | ||
1656 | * Iteration over all results finished, build final | ||
1657 | * response. | ||
1658 | * | ||
1659 | * @param cls the `struct RequestHandle` | ||
1660 | */ | ||
1661 | static void | ||
1662 | build_authz_response (void *cls) | ||
1663 | { | ||
1664 | struct RequestHandle *handle = cls; | ||
1665 | struct GNUNET_HashCode cache_key; | ||
1666 | |||
1667 | char *expected_scope; | ||
1668 | char delimiter[] = " "; | ||
1669 | int number_of_ignored_parameter, iterator; | ||
1670 | |||
1671 | |||
1672 | // REQUIRED value: redirect_uri | ||
1673 | handle->oidc->redirect_uri = | ||
1674 | get_url_parameter_copy (handle, OIDC_REDIRECT_URI_KEY); | ||
1675 | if (NULL == handle->oidc->redirect_uri) | ||
1676 | { | ||
1677 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); | ||
1678 | handle->edesc = GNUNET_strdup ("missing parameter redirect_uri"); | ||
1679 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
1680 | return; | ||
1681 | } | ||
1682 | |||
1683 | // REQUIRED value: response_type | ||
1684 | handle->oidc->response_type = | ||
1685 | get_url_parameter_copy (handle, OIDC_RESPONSE_TYPE_KEY); | ||
1686 | if (NULL == handle->oidc->response_type) | ||
1687 | { | ||
1688 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); | ||
1689 | handle->edesc = GNUNET_strdup ("missing parameter response_type"); | ||
1690 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | ||
1691 | return; | ||
1692 | } | ||
1693 | |||
1694 | // REQUIRED value: scope | ||
1695 | handle->oidc->scope = get_url_parameter_copy (handle, OIDC_SCOPE_KEY); | ||
1696 | if (NULL == handle->oidc->scope) | ||
1697 | { | ||
1698 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_SCOPE); | ||
1699 | handle->edesc = GNUNET_strdup ("missing parameter scope"); | ||
1700 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | ||
1701 | return; | ||
1702 | } | ||
1703 | |||
1704 | // OPTIONAL value: nonce | ||
1705 | handle->oidc->nonce = get_url_parameter_copy (handle, OIDC_NONCE_KEY); | ||
1706 | |||
1707 | // OPTIONAL value: claims | ||
1708 | handle->oidc->claims = get_url_parameter_copy (handle, OIDC_CLAIMS_KEY); | ||
1709 | |||
1710 | // TODO check other values if needed | ||
1711 | number_of_ignored_parameter = | ||
1712 | sizeof(OIDC_ignored_parameter_array) / sizeof(char *); | ||
1713 | for (iterator = 0; iterator < number_of_ignored_parameter; iterator++) | ||
1714 | { | ||
1715 | GNUNET_CRYPTO_hash (OIDC_ignored_parameter_array[iterator], | ||
1716 | strlen (OIDC_ignored_parameter_array[iterator]), | ||
1717 | &cache_key); | ||
1718 | if (GNUNET_YES == | ||
1719 | GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle | ||
1720 | ->url_param_map, | ||
1721 | &cache_key)) | ||
1722 | { | ||
1723 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_ACCESS_DENIED); | ||
1724 | GNUNET_asprintf (&handle->edesc, | ||
1725 | "Server will not handle parameter: %s", | ||
1726 | OIDC_ignored_parameter_array[iterator]); | ||
1727 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | ||
1728 | return; | ||
1729 | } | ||
1730 | } | ||
1731 | |||
1732 | // We only support authorization code flows. | ||
1733 | if (0 != strcmp (handle->oidc->response_type, | ||
1734 | OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE)) | ||
1735 | { | ||
1736 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_UNSUPPORTED_RESPONSE_TYPE); | ||
1737 | handle->edesc = GNUNET_strdup ("The authorization server does not support " | ||
1738 | "obtaining this authorization code."); | ||
1739 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | ||
1740 | return; | ||
1741 | } | ||
1742 | |||
1743 | // Checks if scope contains 'openid' | ||
1744 | expected_scope = GNUNET_strdup (handle->oidc->scope); | ||
1745 | char *test; | ||
1746 | test = strtok (expected_scope, delimiter); | ||
1747 | while (NULL != test) | ||
1748 | { | ||
1749 | if (0 == strcmp (OIDC_EXPECTED_AUTHORIZATION_SCOPE, expected_scope)) | ||
1750 | break; | ||
1751 | test = strtok (NULL, delimiter); | ||
1752 | } | ||
1753 | if (NULL == test) | ||
1754 | { | ||
1755 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_SCOPE); | ||
1756 | handle->edesc = | ||
1757 | GNUNET_strdup ("The requested scope is invalid, unknown, or malformed."); | ||
1758 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | ||
1759 | GNUNET_free (expected_scope); | ||
1760 | return; | ||
1761 | } | ||
1762 | |||
1763 | GNUNET_free (expected_scope); | ||
1764 | if ((NULL == handle->oidc->login_identity) && | ||
1765 | (GNUNET_NO == handle->oidc->user_cancelled)) | ||
1766 | GNUNET_SCHEDULER_add_now (&login_redirect, handle); | ||
1767 | else | ||
1768 | GNUNET_SCHEDULER_add_now (&client_redirect, handle); | ||
1769 | } | ||
1770 | |||
1771 | |||
1772 | /** | ||
1773 | * Iterate over tlds in config | ||
1774 | */ | ||
1775 | static void | ||
1776 | tld_iter (void *cls, const char *section, const char *option, const char *value) | ||
1777 | { | ||
1778 | struct RequestHandle *handle = cls; | ||
1779 | struct GNUNET_CRYPTO_PublicKey pkey; | ||
1780 | |||
1781 | if (GNUNET_OK != | ||
1782 | GNUNET_CRYPTO_public_key_from_string (value, &pkey)) | ||
1783 | { | ||
1784 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Skipping non key %s\n", value); | ||
1785 | return; | ||
1786 | } | ||
1787 | if (0 == GNUNET_memcmp (&pkey, &handle->oidc->client_pkey)) | ||
1788 | handle->tld = GNUNET_strdup (option + 1); | ||
1789 | } | ||
1790 | |||
1791 | |||
1792 | /** | ||
1793 | * Responds to authorization GET and url-encoded POST request | ||
1794 | * | ||
1795 | * @param con_handle the connection handle | ||
1796 | * @param url the url | ||
1797 | * @param cls the RequestHandle | ||
1798 | */ | ||
1799 | static void | ||
1800 | authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | ||
1801 | const char *url, | ||
1802 | void *cls) | ||
1803 | { | ||
1804 | struct RequestHandle *handle = cls; | ||
1805 | struct EgoEntry *tmp_ego; | ||
1806 | const struct GNUNET_CRYPTO_PrivateKey *priv_key; | ||
1807 | struct GNUNET_CRYPTO_PublicKey pkey; | ||
1808 | |||
1809 | cookie_identity_interpretation (handle); | ||
1810 | |||
1811 | // RECOMMENDED value: state - REQUIRED for answers | ||
1812 | handle->oidc->state = get_url_parameter_copy (handle, OIDC_STATE_KEY); | ||
1813 | |||
1814 | // REQUIRED value: client_id | ||
1815 | handle->oidc->client_id = get_url_parameter_copy (handle, OIDC_CLIENT_ID_KEY); | ||
1816 | if (NULL == handle->oidc->client_id) | ||
1817 | { | ||
1818 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); | ||
1819 | handle->edesc = GNUNET_strdup ("missing parameter client_id"); | ||
1820 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | ||
1821 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
1822 | return; | ||
1823 | } | ||
1824 | |||
1825 | // OPTIONAL value: code_challenge | ||
1826 | handle->oidc->code_challenge = get_url_parameter_copy (handle, | ||
1827 | OIDC_CODE_CHALLENGE_KEY); | ||
1828 | if (NULL == handle->oidc->code_challenge) | ||
1829 | { | ||
1830 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
1831 | "OAuth authorization request does not contain PKCE parameters!\n"); | ||
1832 | } | ||
1833 | |||
1834 | if (GNUNET_OK != | ||
1835 | GNUNET_CRYPTO_public_key_from_string (handle->oidc->client_id, | ||
1836 | &handle->oidc->client_pkey)) | ||
1837 | { | ||
1838 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_UNAUTHORIZED_CLIENT); | ||
1839 | handle->edesc = GNUNET_strdup ("The client is not authorized to request an " | ||
1840 | "authorization code using this method."); | ||
1841 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | ||
1842 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
1843 | return; | ||
1844 | } | ||
1845 | |||
1846 | // If we know this identity, translated the corresponding TLD | ||
1847 | // TODO: We might want to have a reverse lookup functionality for TLDs? | ||
1848 | for (tmp_ego = ego_head; NULL != tmp_ego; tmp_ego = tmp_ego->next) | ||
1849 | { | ||
1850 | priv_key = GNUNET_IDENTITY_ego_get_private_key (tmp_ego->ego); | ||
1851 | GNUNET_CRYPTO_key_get_public (priv_key, &pkey); | ||
1852 | if (0 == GNUNET_memcmp (&pkey, &handle->oidc->client_pkey)) | ||
1853 | { | ||
1854 | handle->tld = GNUNET_strdup (tmp_ego->identifier); | ||
1855 | handle->ego_entry = ego_tail; | ||
1856 | } | ||
1857 | } | ||
1858 | if (NULL == handle->tld) | ||
1859 | GNUNET_CONFIGURATION_iterate_section_values (cfg, "gns", tld_iter, handle); | ||
1860 | if (NULL == handle->tld) | ||
1861 | handle->tld = GNUNET_strdup (handle->oidc->client_id); | ||
1862 | GNUNET_SCHEDULER_add_now (&build_authz_response, handle); | ||
1863 | } | ||
1864 | |||
1865 | |||
1866 | /** | ||
1867 | * Combines an identity with a login time and responds OK to login request | ||
1868 | * | ||
1869 | * @param con_handle the connection handle | ||
1870 | * @param url the url | ||
1871 | * @param cls the RequestHandle | ||
1872 | */ | ||
1873 | static void | ||
1874 | login_cont (struct GNUNET_REST_RequestHandle *con_handle, | ||
1875 | const char *url, | ||
1876 | void *cls) | ||
1877 | { | ||
1878 | struct MHD_Response *resp = GNUNET_REST_create_response (""); | ||
1879 | struct RequestHandle *handle = cls; | ||
1880 | struct GNUNET_HashCode cache_key; | ||
1881 | struct GNUNET_TIME_Absolute *current_time; | ||
1882 | struct GNUNET_TIME_Absolute *last_time; | ||
1883 | char *cookie; | ||
1884 | char *header_val; | ||
1885 | json_t *root; | ||
1886 | json_error_t error; | ||
1887 | json_t *identity; | ||
1888 | char term_data[handle->rest_handle->data_size + 1]; | ||
1889 | |||
1890 | term_data[handle->rest_handle->data_size] = '\0'; | ||
1891 | GNUNET_memcpy (term_data, | ||
1892 | handle->rest_handle->data, | ||
1893 | handle->rest_handle->data_size); | ||
1894 | root = json_loads (term_data, JSON_DECODE_ANY, &error); | ||
1895 | identity = json_object_get (root, "identity"); | ||
1896 | if (! json_is_string (identity)) | ||
1897 | { | ||
1898 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1899 | "Error parsing json string from %s\n", | ||
1900 | term_data); | ||
1901 | handle->proc (handle->proc_cls, resp, MHD_HTTP_BAD_REQUEST); | ||
1902 | json_decref (root); | ||
1903 | cleanup_handle (handle); | ||
1904 | return; | ||
1905 | } | ||
1906 | GNUNET_asprintf (&cookie, "Identity=%s", json_string_value (identity)); | ||
1907 | GNUNET_asprintf (&header_val, | ||
1908 | "%s;Max-Age=%d", | ||
1909 | cookie, | ||
1910 | OIDC_COOKIE_EXPIRATION); | ||
1911 | GNUNET_assert (MHD_NO != MHD_add_response_header (resp, | ||
1912 | "Set-Cookie", header_val)); | ||
1913 | GNUNET_assert (MHD_NO != | ||
1914 | MHD_add_response_header (resp, | ||
1915 | "Access-Control-Allow-Methods", | ||
1916 | "POST")); | ||
1917 | GNUNET_CRYPTO_hash (cookie, strlen (cookie), &cache_key); | ||
1918 | |||
1919 | if (0 != strcmp (json_string_value (identity), "Denied")) | ||
1920 | { | ||
1921 | current_time = GNUNET_new (struct GNUNET_TIME_Absolute); | ||
1922 | *current_time = GNUNET_TIME_relative_to_absolute ( | ||
1923 | GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_second_ (), | ||
1924 | OIDC_COOKIE_EXPIRATION)); | ||
1925 | last_time = | ||
1926 | GNUNET_CONTAINER_multihashmap_get (OIDC_cookie_jar_map, &cache_key); | ||
1927 | GNUNET_free (last_time); | ||
1928 | GNUNET_CONTAINER_multihashmap_put (OIDC_cookie_jar_map, | ||
1929 | &cache_key, | ||
1930 | current_time, | ||
1931 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE); | ||
1932 | } | ||
1933 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); | ||
1934 | GNUNET_free (cookie); | ||
1935 | GNUNET_free (header_val); | ||
1936 | json_decref (root); | ||
1937 | cleanup_handle (handle); | ||
1938 | } | ||
1939 | |||
1940 | |||
1941 | static int | ||
1942 | parse_credentials_basic_auth (struct RequestHandle *handle, | ||
1943 | char **client_id, | ||
1944 | char **client_secret) | ||
1945 | { | ||
1946 | struct GNUNET_HashCode cache_key; | ||
1947 | char *authorization; | ||
1948 | char *credentials; | ||
1949 | char *basic_authorization; | ||
1950 | char *client_id_tmp; | ||
1951 | char *pass; | ||
1952 | |||
1953 | GNUNET_CRYPTO_hash (OIDC_AUTHORIZATION_HEADER_KEY, | ||
1954 | strlen (OIDC_AUTHORIZATION_HEADER_KEY), | ||
1955 | &cache_key); | ||
1956 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle | ||
1957 | ->header_param_map, | ||
1958 | &cache_key)) | ||
1959 | return GNUNET_SYSERR; | ||
1960 | authorization = | ||
1961 | GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->header_param_map, | ||
1962 | &cache_key); | ||
1963 | |||
1964 | // split header in "Basic" and [content] | ||
1965 | credentials = strtok (authorization, " "); | ||
1966 | if ((NULL == credentials) || (0 != strcmp ("Basic", credentials))) | ||
1967 | return GNUNET_SYSERR; | ||
1968 | credentials = strtok (NULL, " "); | ||
1969 | if (NULL == credentials) | ||
1970 | return GNUNET_SYSERR; | ||
1971 | GNUNET_STRINGS_base64_decode (credentials, | ||
1972 | strlen (credentials), | ||
1973 | (void **) &basic_authorization); | ||
1974 | |||
1975 | if (NULL == basic_authorization) | ||
1976 | return GNUNET_SYSERR; | ||
1977 | client_id_tmp = strtok (basic_authorization, ":"); | ||
1978 | if (NULL == client_id_tmp) | ||
1979 | { | ||
1980 | GNUNET_free (basic_authorization); | ||
1981 | return GNUNET_SYSERR; | ||
1982 | } | ||
1983 | pass = strtok (NULL, ":"); | ||
1984 | if (NULL == pass) | ||
1985 | { | ||
1986 | GNUNET_free (basic_authorization); | ||
1987 | return GNUNET_SYSERR; | ||
1988 | } | ||
1989 | *client_id = strdup (client_id_tmp); | ||
1990 | *client_secret = strdup (pass); | ||
1991 | GNUNET_free (basic_authorization); | ||
1992 | return GNUNET_OK; | ||
1993 | } | ||
1994 | |||
1995 | |||
1996 | static int | ||
1997 | parse_credentials_post_body (struct RequestHandle *handle, | ||
1998 | char **client_id, | ||
1999 | char **client_secret) | ||
2000 | { | ||
2001 | struct GNUNET_HashCode cache_key; | ||
2002 | char *client_id_tmp; | ||
2003 | char *pass; | ||
2004 | |||
2005 | GNUNET_CRYPTO_hash ("client_id", | ||
2006 | strlen ("client_id"), | ||
2007 | &cache_key); | ||
2008 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle | ||
2009 | ->url_param_map, | ||
2010 | &cache_key)) | ||
2011 | return GNUNET_SYSERR; | ||
2012 | client_id_tmp = GNUNET_CONTAINER_multihashmap_get ( | ||
2013 | handle->rest_handle->url_param_map, | ||
2014 | &cache_key); | ||
2015 | if (NULL == client_id_tmp) | ||
2016 | return GNUNET_SYSERR; | ||
2017 | *client_id = strdup (client_id_tmp); | ||
2018 | GNUNET_CRYPTO_hash ("client_secret", | ||
2019 | strlen ("client_secret"), | ||
2020 | &cache_key); | ||
2021 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle | ||
2022 | ->url_param_map, | ||
2023 | &cache_key)) | ||
2024 | { | ||
2025 | GNUNET_free (*client_id); | ||
2026 | *client_id = NULL; | ||
2027 | return GNUNET_SYSERR; | ||
2028 | } | ||
2029 | pass = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map, | ||
2030 | &cache_key); | ||
2031 | if (NULL == pass) | ||
2032 | { | ||
2033 | GNUNET_free (*client_id); | ||
2034 | *client_id = NULL; | ||
2035 | return GNUNET_SYSERR; | ||
2036 | } | ||
2037 | *client_secret = strdup (pass); | ||
2038 | return GNUNET_OK; | ||
2039 | } | ||
2040 | |||
2041 | |||
2042 | static int | ||
2043 | check_authorization (struct RequestHandle *handle, | ||
2044 | struct GNUNET_CRYPTO_PublicKey *cid) | ||
2045 | { | ||
2046 | char *expected_pass; | ||
2047 | char *received_cid; | ||
2048 | char *received_cpw; | ||
2049 | char *pkce_cv; | ||
2050 | |||
2051 | if (GNUNET_OK == parse_credentials_basic_auth (handle, | ||
2052 | &received_cid, | ||
2053 | &received_cpw)) | ||
2054 | { | ||
2055 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2056 | "Received client credentials in HTTP AuthZ header\n"); | ||
2057 | } | ||
2058 | else if (GNUNET_OK == parse_credentials_post_body (handle, | ||
2059 | &received_cid, | ||
2060 | &received_cpw)) | ||
2061 | { | ||
2062 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2063 | "Received client credentials in POST body\n"); | ||
2064 | } | ||
2065 | else | ||
2066 | { | ||
2067 | /** Allow public clients with PKCE **/ | ||
2068 | pkce_cv = get_url_parameter_copy (handle, OIDC_CODE_VERIFIER_KEY); | ||
2069 | if (NULL == pkce_cv) | ||
2070 | { | ||
2071 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); | ||
2072 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | ||
2073 | return GNUNET_SYSERR; | ||
2074 | } | ||
2075 | handle->public_client = GNUNET_YES; | ||
2076 | GNUNET_free (pkce_cv); | ||
2077 | received_cid = get_url_parameter_copy (handle, OIDC_CLIENT_ID_KEY); | ||
2078 | GNUNET_STRINGS_string_to_data (received_cid, | ||
2079 | strlen (received_cid), | ||
2080 | cid, | ||
2081 | sizeof(struct GNUNET_CRYPTO_PublicKey)); | ||
2082 | GNUNET_free (received_cid); | ||
2083 | return GNUNET_OK; | ||
2084 | |||
2085 | } | ||
2086 | |||
2087 | // check client password | ||
2088 | if (GNUNET_OK == GNUNET_CONFIGURATION_get_value_string (cfg, | ||
2089 | "reclaim-rest-plugin", | ||
2090 | "OIDC_CLIENT_HMAC_SECRET", | ||
2091 | &expected_pass)) | ||
2092 | { | ||
2093 | if (0 != strcmp (expected_pass, received_cpw)) | ||
2094 | { | ||
2095 | GNUNET_free (expected_pass); | ||
2096 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); | ||
2097 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | ||
2098 | GNUNET_free (received_cpw); | ||
2099 | GNUNET_free (received_cid); | ||
2100 | return GNUNET_SYSERR; | ||
2101 | } | ||
2102 | GNUNET_free (expected_pass); | ||
2103 | } | ||
2104 | else | ||
2105 | { | ||
2106 | GNUNET_free (received_cpw); | ||
2107 | GNUNET_free (received_cid); | ||
2108 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); | ||
2109 | handle->edesc = GNUNET_strdup ("gnunet configuration failed"); | ||
2110 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | ||
2111 | return GNUNET_SYSERR; | ||
2112 | } | ||
2113 | // check client_id | ||
2114 | for (handle->ego_entry = ego_head; NULL != handle->ego_entry; | ||
2115 | handle->ego_entry = handle->ego_entry->next) | ||
2116 | { | ||
2117 | if (0 == strcmp (handle->ego_entry->keystring, received_cid)) | ||
2118 | break; | ||
2119 | } | ||
2120 | if (NULL == handle->ego_entry) | ||
2121 | { | ||
2122 | GNUNET_free (received_cpw); | ||
2123 | GNUNET_free (received_cid); | ||
2124 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_CLIENT); | ||
2125 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | ||
2126 | return GNUNET_SYSERR; | ||
2127 | } | ||
2128 | GNUNET_STRINGS_string_to_data (received_cid, | ||
2129 | strlen (received_cid), | ||
2130 | cid, | ||
2131 | sizeof(struct GNUNET_CRYPTO_PublicKey)); | ||
2132 | |||
2133 | GNUNET_free (received_cpw); | ||
2134 | GNUNET_free (received_cid); | ||
2135 | return GNUNET_OK; | ||
2136 | } | ||
2137 | |||
2138 | |||
2139 | const struct EgoEntry * | ||
2140 | find_ego (struct RequestHandle *handle, | ||
2141 | struct GNUNET_CRYPTO_PublicKey *test_key) | ||
2142 | { | ||
2143 | struct EgoEntry *ego_entry; | ||
2144 | struct GNUNET_CRYPTO_PublicKey pub_key; | ||
2145 | |||
2146 | for (ego_entry = ego_head; NULL != ego_entry; | ||
2147 | ego_entry = ego_entry->next) | ||
2148 | { | ||
2149 | GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, &pub_key); | ||
2150 | if (0 == GNUNET_memcmp (&pub_key, test_key)) | ||
2151 | return ego_entry; | ||
2152 | } | ||
2153 | return NULL; | ||
2154 | } | ||
2155 | |||
2156 | |||
2157 | /** | ||
2158 | * Responds to token url-encoded POST request | ||
2159 | * | ||
2160 | * @param con_handle the connection handle | ||
2161 | * @param url the url | ||
2162 | * @param cls the RequestHandle | ||
2163 | */ | ||
2164 | static void | ||
2165 | token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | ||
2166 | const char *url, | ||
2167 | void *cls) | ||
2168 | { | ||
2169 | struct RequestHandle *handle = cls; | ||
2170 | const struct EgoEntry *ego_entry = NULL; | ||
2171 | struct GNUNET_TIME_Relative expiration_time; | ||
2172 | struct GNUNET_RECLAIM_AttributeList *cl = NULL; | ||
2173 | struct GNUNET_RECLAIM_PresentationList *pl = NULL; | ||
2174 | struct GNUNET_RECLAIM_Ticket ticket; | ||
2175 | struct GNUNET_CRYPTO_PublicKey cid; | ||
2176 | struct GNUNET_HashCode cache_key; | ||
2177 | struct MHD_Response *resp = NULL; | ||
2178 | char *grant_type = NULL; | ||
2179 | char *code = NULL; | ||
2180 | char *json_response = NULL; | ||
2181 | char *id_token = NULL; | ||
2182 | char *access_token = NULL; | ||
2183 | char *jwa = NULL; | ||
2184 | char *jwt_secret = NULL; | ||
2185 | char *nonce = NULL; | ||
2186 | char *code_verifier = NULL; | ||
2187 | json_t *oidc_jwk = NULL; | ||
2188 | char *oidc_jwk_path = NULL; | ||
2189 | char *oidc_directory = NULL; | ||
2190 | char *tmp_at = NULL; | ||
2191 | |||
2192 | /* | ||
2193 | * Check Authorization | ||
2194 | */ | ||
2195 | if (GNUNET_SYSERR == check_authorization (handle, &cid)) | ||
2196 | { | ||
2197 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
2198 | "OIDC authorization for token endpoint failed\n"); | ||
2199 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
2200 | return; | ||
2201 | } | ||
2202 | |||
2203 | /* | ||
2204 | * Check parameter | ||
2205 | */ | ||
2206 | |||
2207 | // TODO Do not allow multiple equal parameter names | ||
2208 | // REQUIRED grant_type | ||
2209 | GNUNET_CRYPTO_hash (OIDC_GRANT_TYPE_KEY, | ||
2210 | strlen (OIDC_GRANT_TYPE_KEY), | ||
2211 | &cache_key); | ||
2212 | grant_type = get_url_parameter_copy (handle, OIDC_GRANT_TYPE_KEY); | ||
2213 | if (NULL == grant_type) | ||
2214 | { | ||
2215 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); | ||
2216 | handle->edesc = GNUNET_strdup ("missing parameter grant_type"); | ||
2217 | handle->response_code = MHD_HTTP_BAD_REQUEST; | ||
2218 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
2219 | return; | ||
2220 | } | ||
2221 | |||
2222 | // Check parameter grant_type == "authorization_code" | ||
2223 | if (0 != strcmp (OIDC_GRANT_TYPE_VALUE, grant_type)) | ||
2224 | { | ||
2225 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_UNSUPPORTED_GRANT_TYPE); | ||
2226 | handle->response_code = MHD_HTTP_BAD_REQUEST; | ||
2227 | GNUNET_free (grant_type); | ||
2228 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
2229 | return; | ||
2230 | } | ||
2231 | GNUNET_free (grant_type); | ||
2232 | // REQUIRED code | ||
2233 | code = get_url_parameter_copy (handle, OIDC_CODE_KEY); | ||
2234 | if (NULL == code) | ||
2235 | { | ||
2236 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); | ||
2237 | handle->edesc = GNUNET_strdup ("missing parameter code"); | ||
2238 | handle->response_code = MHD_HTTP_BAD_REQUEST; | ||
2239 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
2240 | return; | ||
2241 | } | ||
2242 | ego_entry = find_ego (handle, &cid); | ||
2243 | if (NULL == ego_entry) | ||
2244 | { | ||
2245 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); | ||
2246 | handle->edesc = GNUNET_strdup ("Unknown client"); | ||
2247 | handle->response_code = MHD_HTTP_BAD_REQUEST; | ||
2248 | GNUNET_free (code); | ||
2249 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
2250 | return; | ||
2251 | } | ||
2252 | |||
2253 | // REQUIRED code verifier | ||
2254 | code_verifier = get_url_parameter_copy (handle, OIDC_CODE_VERIFIER_KEY); | ||
2255 | if (NULL == code_verifier) | ||
2256 | { | ||
2257 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
2258 | "OAuth authorization request does not contain PKCE parameters!\n"); | ||
2259 | |||
2260 | } | ||
2261 | |||
2262 | // decode code | ||
2263 | if (GNUNET_OK != OIDC_parse_authz_code (&cid, code, code_verifier, &ticket, | ||
2264 | &cl, &pl, &nonce, | ||
2265 | OIDC_VERIFICATION_DEFAULT)) | ||
2266 | { | ||
2267 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); | ||
2268 | handle->edesc = GNUNET_strdup ("invalid code"); | ||
2269 | handle->response_code = MHD_HTTP_BAD_REQUEST; | ||
2270 | GNUNET_free (code); | ||
2271 | if (NULL != code_verifier) | ||
2272 | GNUNET_free (code_verifier); | ||
2273 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
2274 | return; | ||
2275 | } | ||
2276 | if (NULL != code_verifier) | ||
2277 | GNUNET_free (code_verifier); | ||
2278 | |||
2279 | // create jwt | ||
2280 | if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_time (cfg, | ||
2281 | "reclaim-rest-plugin", | ||
2282 | "expiration_time", | ||
2283 | &expiration_time)) | ||
2284 | { | ||
2285 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_SERVER_ERROR); | ||
2286 | handle->edesc = GNUNET_strdup ("gnunet configuration failed"); | ||
2287 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | ||
2288 | GNUNET_free (code); | ||
2289 | if (NULL != nonce) | ||
2290 | GNUNET_free (nonce); | ||
2291 | GNUNET_RECLAIM_attribute_list_destroy (cl); | ||
2292 | GNUNET_RECLAIM_presentation_list_destroy (pl); | ||
2293 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
2294 | return; | ||
2295 | } | ||
2296 | |||
2297 | // Check if HMAC or RSA should be used | ||
2298 | if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_string (cfg, | ||
2299 | "reclaim-rest-plugin", | ||
2300 | "oidc_json_web_algorithm", | ||
2301 | &jwa)) | ||
2302 | { | ||
2303 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
2304 | "Could not read OIDC JSON Web Algorithm config attribute." | ||
2305 | "Defaulting to RS256."); | ||
2306 | jwa = JWT_ALG_VALUE_RSA; | ||
2307 | } | ||
2308 | |||
2309 | if ( ! strcmp (jwa, JWT_ALG_VALUE_RSA)) | ||
2310 | { | ||
2311 | // Replace for now | ||
2312 | oidc_jwk_path = get_oidc_jwk_path (cls); | ||
2313 | oidc_jwk = read_jwk_from_file (oidc_jwk_path); | ||
2314 | |||
2315 | // Check if secret JWK exists | ||
2316 | if (! oidc_jwk) | ||
2317 | { | ||
2318 | // Generate and save a new key | ||
2319 | oidc_jwk = generate_jwk (); | ||
2320 | oidc_directory = get_oidc_dir_path (cls); | ||
2321 | |||
2322 | // Create new oidc directory | ||
2323 | if (GNUNET_OK != GNUNET_DISK_directory_create (oidc_directory)) | ||
2324 | { | ||
2325 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
2326 | ("Failed to create directory `%s' for storing oidc data\n"), | ||
2327 | oidc_directory); | ||
2328 | } | ||
2329 | else | ||
2330 | { | ||
2331 | write_jwk_to_file (oidc_jwk_path, oidc_jwk); | ||
2332 | } | ||
2333 | } | ||
2334 | |||
2335 | // Generate oidc token | ||
2336 | id_token = OIDC_generate_id_token_rsa (&ticket.audience, | ||
2337 | &ticket.identity, | ||
2338 | cl, | ||
2339 | pl, | ||
2340 | &expiration_time, | ||
2341 | (NULL != nonce) ? nonce : NULL, | ||
2342 | oidc_jwk); | ||
2343 | } | ||
2344 | else if ( ! strcmp (jwa, JWT_ALG_VALUE_HMAC)) | ||
2345 | { | ||
2346 | // TODO OPTIONAL acr,amr,azp | ||
2347 | if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_string (cfg, | ||
2348 | "reclaim-rest-plugin", | ||
2349 | "jwt_secret", | ||
2350 | &jwt_secret)) | ||
2351 | { | ||
2352 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); | ||
2353 | handle->edesc = GNUNET_strdup ("No signing secret configured!"); | ||
2354 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | ||
2355 | GNUNET_free (code); | ||
2356 | GNUNET_RECLAIM_attribute_list_destroy (cl); | ||
2357 | GNUNET_RECLAIM_presentation_list_destroy (pl); | ||
2358 | if (NULL != nonce) | ||
2359 | GNUNET_free (nonce); | ||
2360 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
2361 | return; | ||
2362 | } | ||
2363 | |||
2364 | id_token = OIDC_generate_id_token_hmac (&ticket.audience, | ||
2365 | &ticket.identity, | ||
2366 | cl, | ||
2367 | pl, | ||
2368 | &expiration_time, | ||
2369 | (NULL != nonce) ? nonce : NULL, | ||
2370 | jwt_secret); | ||
2371 | |||
2372 | GNUNET_free (jwt_secret); | ||
2373 | } | ||
2374 | else | ||
2375 | { | ||
2376 | // TODO: OPTION NOT FOUND ERROR | ||
2377 | } | ||
2378 | |||
2379 | if (NULL != nonce) | ||
2380 | GNUNET_free (nonce); | ||
2381 | access_token = OIDC_access_token_new (&ticket); | ||
2382 | /** | ||
2383 | * Store mapping from access token to code so we can later | ||
2384 | * fall back on the provided attributes in userinfo one time. | ||
2385 | */ | ||
2386 | GNUNET_CRYPTO_hash (access_token, | ||
2387 | strlen (access_token), | ||
2388 | &cache_key); | ||
2389 | /** | ||
2390 | * Note to future self: This cache has the following purpose: | ||
2391 | * Some OIDC plugins call the userendpoint right after receiving an | ||
2392 | * ID token and access token. There are reasons why this would make sense. | ||
2393 | * Others not so much. | ||
2394 | * In any case, in order to smoothen out the user experience upon login | ||
2395 | * (authorization), we speculatively cache the next | ||
2396 | * userinfo response in case the actual resolution through reclaim/GNS | ||
2397 | * takes too long. | ||
2398 | */ | ||
2399 | tmp_at = GNUNET_CONTAINER_multihashmap_get (oidc_code_cache, | ||
2400 | &cache_key); | ||
2401 | GNUNET_CONTAINER_multihashmap_put (oidc_code_cache, | ||
2402 | &cache_key, | ||
2403 | code, | ||
2404 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE); | ||
2405 | /* If there was a previous code in there, free the old value */ | ||
2406 | if (NULL != tmp_at) | ||
2407 | { | ||
2408 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
2409 | "OIDC access token already issued. Cleanup.\n"); | ||
2410 | GNUNET_free (tmp_at); | ||
2411 | } | ||
2412 | |||
2413 | OIDC_build_token_response (access_token, | ||
2414 | id_token, | ||
2415 | &expiration_time, | ||
2416 | &json_response); | ||
2417 | |||
2418 | resp = GNUNET_REST_create_response (json_response); | ||
2419 | GNUNET_assert (MHD_NO != MHD_add_response_header (resp, | ||
2420 | "Cache-Control", | ||
2421 | "no-store")); | ||
2422 | GNUNET_assert (MHD_NO != MHD_add_response_header (resp, | ||
2423 | "Pragma", "no-cache")); | ||
2424 | GNUNET_assert (MHD_NO != MHD_add_response_header (resp, | ||
2425 | "Content-Type", | ||
2426 | "application/json")); | ||
2427 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); | ||
2428 | GNUNET_RECLAIM_attribute_list_destroy (cl); | ||
2429 | GNUNET_RECLAIM_presentation_list_destroy (pl); | ||
2430 | GNUNET_free (access_token); | ||
2431 | GNUNET_free (json_response); | ||
2432 | GNUNET_free (id_token); | ||
2433 | cleanup_handle (handle); | ||
2434 | } | ||
2435 | |||
2436 | |||
2437 | /** | ||
2438 | * Collects claims and stores them in handle | ||
2439 | */ | ||
2440 | static void | ||
2441 | consume_ticket (void *cls, | ||
2442 | const struct GNUNET_CRYPTO_PublicKey *identity, | ||
2443 | const struct GNUNET_RECLAIM_Attribute *attr, | ||
2444 | const struct GNUNET_RECLAIM_Presentation *presentation) | ||
2445 | { | ||
2446 | struct RequestHandle *handle = cls; | ||
2447 | struct GNUNET_RECLAIM_AttributeListEntry *ale; | ||
2448 | struct GNUNET_RECLAIM_PresentationListEntry *atle; | ||
2449 | struct MHD_Response *resp; | ||
2450 | struct GNUNET_HashCode cache_key; | ||
2451 | char *result_str; | ||
2452 | char *cached_code; | ||
2453 | |||
2454 | if (NULL != handle->consume_timeout_op) | ||
2455 | GNUNET_SCHEDULER_cancel (handle->consume_timeout_op); | ||
2456 | handle->consume_timeout_op = NULL; | ||
2457 | handle->idp_op = NULL; | ||
2458 | |||
2459 | /** | ||
2460 | * We received a reply. In any case clear the cache. | ||
2461 | */ | ||
2462 | GNUNET_CRYPTO_hash (handle->access_token, | ||
2463 | strlen (handle->access_token), | ||
2464 | &cache_key); | ||
2465 | cached_code = GNUNET_CONTAINER_multihashmap_get (oidc_code_cache, | ||
2466 | &cache_key); | ||
2467 | if (NULL != cached_code) | ||
2468 | { | ||
2469 | GNUNET_assert (GNUNET_YES == | ||
2470 | GNUNET_CONTAINER_multihashmap_remove (oidc_code_cache, | ||
2471 | &cache_key, | ||
2472 | cached_code)); | ||
2473 | GNUNET_free (cached_code); | ||
2474 | } | ||
2475 | |||
2476 | |||
2477 | if (NULL == identity) | ||
2478 | { | ||
2479 | result_str = OIDC_generate_userinfo (&handle->ticket.identity, | ||
2480 | handle->attr_userinfo_list, | ||
2481 | handle->presentations); | ||
2482 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Userinfo: %s\n", result_str); | ||
2483 | resp = GNUNET_REST_create_response (result_str); | ||
2484 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); | ||
2485 | GNUNET_free (result_str); | ||
2486 | cleanup_handle (handle); | ||
2487 | return; | ||
2488 | } | ||
2489 | ale = GNUNET_new (struct GNUNET_RECLAIM_AttributeListEntry); | ||
2490 | ale->attribute = GNUNET_RECLAIM_attribute_new (attr->name, | ||
2491 | &attr->credential, | ||
2492 | attr->type, | ||
2493 | attr->data, | ||
2494 | attr->data_size); | ||
2495 | ale->attribute->id = attr->id; | ||
2496 | ale->attribute->flag = attr->flag; | ||
2497 | ale->attribute->credential = attr->credential; | ||
2498 | GNUNET_CONTAINER_DLL_insert (handle->attr_userinfo_list->list_head, | ||
2499 | handle->attr_userinfo_list->list_tail, | ||
2500 | ale); | ||
2501 | if (NULL == presentation) | ||
2502 | return; | ||
2503 | for (atle = handle->presentations->list_head; | ||
2504 | NULL != atle; atle = atle->next) | ||
2505 | { | ||
2506 | if (GNUNET_NO == GNUNET_RECLAIM_id_is_equal ( | ||
2507 | &atle->presentation->credential_id, | ||
2508 | &presentation->credential_id)) | ||
2509 | continue; | ||
2510 | break; /** already in list **/ | ||
2511 | } | ||
2512 | if (NULL == atle) | ||
2513 | { | ||
2514 | /** Credential matches for attribute, add **/ | ||
2515 | atle = GNUNET_new (struct GNUNET_RECLAIM_PresentationListEntry); | ||
2516 | atle->presentation = GNUNET_RECLAIM_presentation_new (presentation->type, | ||
2517 | presentation->data, | ||
2518 | presentation-> | ||
2519 | data_size); | ||
2520 | atle->presentation->credential_id = presentation->credential_id; | ||
2521 | GNUNET_CONTAINER_DLL_insert (handle->presentations->list_head, | ||
2522 | handle->presentations->list_tail, | ||
2523 | atle); | ||
2524 | } | ||
2525 | } | ||
2526 | |||
2527 | |||
2528 | static void | ||
2529 | consume_fail (void *cls) | ||
2530 | { | ||
2531 | struct RequestHandle *handle = cls; | ||
2532 | struct GNUNET_HashCode cache_key; | ||
2533 | struct GNUNET_RECLAIM_AttributeList *cl = NULL; | ||
2534 | struct GNUNET_RECLAIM_PresentationList *pl = NULL; | ||
2535 | struct GNUNET_RECLAIM_Ticket ticket; | ||
2536 | struct MHD_Response *resp; | ||
2537 | char *nonce; | ||
2538 | char *cached_code; | ||
2539 | char *result_str; | ||
2540 | |||
2541 | |||
2542 | handle->consume_timeout_op = NULL; | ||
2543 | if (NULL != handle->idp_op) | ||
2544 | GNUNET_RECLAIM_cancel (handle->idp_op); | ||
2545 | handle->idp_op = NULL; | ||
2546 | |||
2547 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
2548 | "Ticket consumptioned timed out. Using cache...\n"); | ||
2549 | GNUNET_CRYPTO_hash (handle->access_token, | ||
2550 | strlen (handle->access_token), | ||
2551 | &cache_key); | ||
2552 | cached_code = GNUNET_CONTAINER_multihashmap_get (oidc_code_cache, | ||
2553 | &cache_key); | ||
2554 | if (NULL == cached_code) | ||
2555 | { | ||
2556 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); | ||
2557 | handle->edesc = GNUNET_strdup ("No Access Token in cache!"); | ||
2558 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | ||
2559 | GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); | ||
2560 | return; | ||
2561 | } | ||
2562 | /** | ||
2563 | * Remove the cached item | ||
2564 | */ | ||
2565 | GNUNET_assert (GNUNET_YES == | ||
2566 | GNUNET_CONTAINER_multihashmap_remove (oidc_code_cache, | ||
2567 | &cache_key, | ||
2568 | cached_code)); | ||
2569 | |||
2570 | // decode code | ||
2571 | if (GNUNET_OK != OIDC_parse_authz_code (&handle->ticket.audience, | ||
2572 | cached_code, NULL, &ticket, | ||
2573 | &cl, &pl, &nonce, | ||
2574 | OIDC_VERIFICATION_NO_CODE_VERIFIER)) | ||
2575 | { | ||
2576 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_REQUEST); | ||
2577 | handle->edesc = GNUNET_strdup ("invalid code"); | ||
2578 | handle->response_code = MHD_HTTP_BAD_REQUEST; | ||
2579 | GNUNET_free (cached_code); | ||
2580 | if (NULL != nonce) | ||
2581 | GNUNET_free (nonce); | ||
2582 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
2583 | return; | ||
2584 | } | ||
2585 | |||
2586 | GNUNET_free (cached_code); | ||
2587 | |||
2588 | result_str = OIDC_generate_userinfo (&handle->ticket.identity, | ||
2589 | cl, | ||
2590 | pl); | ||
2591 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Userinfo: %s\n", result_str); | ||
2592 | resp = GNUNET_REST_create_response (result_str); | ||
2593 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); | ||
2594 | GNUNET_free (result_str); | ||
2595 | GNUNET_free (nonce); | ||
2596 | GNUNET_RECLAIM_attribute_list_destroy (cl); | ||
2597 | GNUNET_RECLAIM_presentation_list_destroy (pl); | ||
2598 | cleanup_handle (handle); | ||
2599 | } | ||
2600 | |||
2601 | |||
2602 | /** | ||
2603 | * Responds to userinfo GET and url-encoded POST request | ||
2604 | * | ||
2605 | * @param con_handle the connection handle | ||
2606 | * @param url the url | ||
2607 | * @param cls the RequestHandle | ||
2608 | */ | ||
2609 | static void | ||
2610 | userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | ||
2611 | const char *url, | ||
2612 | void *cls) | ||
2613 | { | ||
2614 | // TODO expiration time | ||
2615 | struct RequestHandle *handle = cls; | ||
2616 | struct GNUNET_RECLAIM_Ticket *ticket; | ||
2617 | char delimiter[] = " "; | ||
2618 | struct GNUNET_HashCode cache_key; | ||
2619 | char *authorization; | ||
2620 | char *authorization_type; | ||
2621 | char *authorization_access_token; | ||
2622 | const struct EgoEntry *aud_ego; | ||
2623 | const struct GNUNET_CRYPTO_PrivateKey *privkey; | ||
2624 | |||
2625 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Getting userinfo\n"); | ||
2626 | GNUNET_CRYPTO_hash (OIDC_AUTHORIZATION_HEADER_KEY, | ||
2627 | strlen (OIDC_AUTHORIZATION_HEADER_KEY), | ||
2628 | &cache_key); | ||
2629 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle | ||
2630 | ->header_param_map, | ||
2631 | &cache_key)) | ||
2632 | { | ||
2633 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); | ||
2634 | handle->edesc = GNUNET_strdup ("No Access Token"); | ||
2635 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | ||
2636 | GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); | ||
2637 | return; | ||
2638 | } | ||
2639 | authorization = | ||
2640 | GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->header_param_map, | ||
2641 | &cache_key); | ||
2642 | |||
2643 | // split header in "Bearer" and access_token | ||
2644 | authorization = GNUNET_strdup (authorization); | ||
2645 | authorization_type = strtok (authorization, delimiter); | ||
2646 | if ((NULL == authorization_type) || | ||
2647 | (0 != strcmp ("Bearer", authorization_type))) | ||
2648 | { | ||
2649 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); | ||
2650 | handle->edesc = GNUNET_strdup ("No Access Token"); | ||
2651 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | ||
2652 | GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); | ||
2653 | GNUNET_free (authorization); | ||
2654 | return; | ||
2655 | } | ||
2656 | authorization_access_token = strtok (NULL, delimiter); | ||
2657 | if (NULL == authorization_access_token) | ||
2658 | { | ||
2659 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); | ||
2660 | handle->edesc = GNUNET_strdup ("Access token missing"); | ||
2661 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | ||
2662 | GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); | ||
2663 | GNUNET_free (authorization); | ||
2664 | return; | ||
2665 | } | ||
2666 | |||
2667 | if (GNUNET_OK != OIDC_access_token_parse (authorization_access_token, | ||
2668 | &ticket)) | ||
2669 | { | ||
2670 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); | ||
2671 | handle->edesc = GNUNET_strdup ("The access token is invalid"); | ||
2672 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | ||
2673 | GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); | ||
2674 | GNUNET_free (authorization); | ||
2675 | return; | ||
2676 | |||
2677 | } | ||
2678 | GNUNET_assert (NULL != ticket); | ||
2679 | handle->ticket = *ticket; | ||
2680 | GNUNET_free (ticket); | ||
2681 | aud_ego = find_ego (handle, &handle->ticket.audience); | ||
2682 | if (NULL == aud_ego) | ||
2683 | { | ||
2684 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_TOKEN); | ||
2685 | handle->edesc = GNUNET_strdup ("The access token expired"); | ||
2686 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | ||
2687 | GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle); | ||
2688 | GNUNET_free (authorization); | ||
2689 | return; | ||
2690 | } | ||
2691 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Consuming ticket\n"); | ||
2692 | privkey = GNUNET_IDENTITY_ego_get_private_key (aud_ego->ego); | ||
2693 | handle->attr_userinfo_list = | ||
2694 | GNUNET_new (struct GNUNET_RECLAIM_AttributeList); | ||
2695 | handle->presentations = | ||
2696 | GNUNET_new (struct GNUNET_RECLAIM_PresentationList); | ||
2697 | |||
2698 | /* If the consume takes too long, we use values from the cache */ | ||
2699 | handle->access_token = GNUNET_strdup (authorization_access_token); | ||
2700 | handle->consume_timeout_op = GNUNET_SCHEDULER_add_delayed (consume_timeout, | ||
2701 | &consume_fail, | ||
2702 | handle); | ||
2703 | handle->idp_op = GNUNET_RECLAIM_ticket_consume (idp, | ||
2704 | privkey, | ||
2705 | &handle->ticket, | ||
2706 | &consume_ticket, | ||
2707 | handle); | ||
2708 | GNUNET_free (authorization); | ||
2709 | } | ||
2710 | |||
2711 | /** | ||
2712 | * Responds to /jwks.json | ||
2713 | * | ||
2714 | * @param con_handle the connection handle | ||
2715 | * @param url the url | ||
2716 | * @param cls the RequestHandle | ||
2717 | */ | ||
2718 | static void | ||
2719 | jwks_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | ||
2720 | const char *url, | ||
2721 | void *cls) | ||
2722 | { | ||
2723 | char *oidc_directory; | ||
2724 | char *oidc_jwk_path; | ||
2725 | char *oidc_jwk_pub_str; | ||
2726 | json_t *oidc_jwk; | ||
2727 | struct MHD_Response *resp; | ||
2728 | struct RequestHandle *handle = cls; | ||
2729 | |||
2730 | oidc_jwk_path = get_oidc_jwk_path (cls); | ||
2731 | oidc_jwk = read_jwk_from_file (oidc_jwk_path); | ||
2732 | |||
2733 | // Check if secret JWK exists | ||
2734 | if (! oidc_jwk) | ||
2735 | { | ||
2736 | // Generate and save a new key | ||
2737 | oidc_jwk = generate_jwk (); | ||
2738 | oidc_directory = get_oidc_dir_path (cls); | ||
2739 | |||
2740 | // Create new oidc directory | ||
2741 | if (GNUNET_OK != GNUNET_DISK_directory_create (oidc_directory)) | ||
2742 | { | ||
2743 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
2744 | ("Failed to create directory `%s' for storing oidc data\n"), | ||
2745 | oidc_directory); | ||
2746 | } | ||
2747 | else | ||
2748 | { | ||
2749 | write_jwk_to_file (oidc_jwk_path, oidc_jwk); | ||
2750 | } | ||
2751 | } | ||
2752 | |||
2753 | // Convert secret JWK to public JWK | ||
2754 | jose_jwk_pub (NULL, oidc_jwk); | ||
2755 | |||
2756 | // Encode JWK as string and return to API endpoint | ||
2757 | oidc_jwk_pub_str = json_dumps (oidc_jwk, JSON_INDENT (1)); | ||
2758 | resp = GNUNET_REST_create_response (oidc_jwk_pub_str); | ||
2759 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); | ||
2760 | json_decref (oidc_jwk); | ||
2761 | GNUNET_free (oidc_jwk_pub_str); | ||
2762 | GNUNET_free (oidc_jwk_pub_str); | ||
2763 | cleanup_handle (handle); | ||
2764 | } | ||
2765 | |||
2766 | /** | ||
2767 | * If listing is enabled, prints information about the egos. | ||
2768 | * | ||
2769 | * This function is initially called for all egos and then again | ||
2770 | * whenever a ego's identifier changes or if it is deleted. At the | ||
2771 | * end of the initial pass over all egos, the function is once called | ||
2772 | * with 'NULL' for 'ego'. That does NOT mean that the callback won't | ||
2773 | * be invoked in the future or that there was an error. | ||
2774 | * | ||
2775 | * When used with 'GNUNET_IDENTITY_create' or 'GNUNET_IDENTITY_get', this | ||
2776 | * function is only called ONCE, and 'NULL' being passed in 'ego' does | ||
2777 | * indicate an error (for example because name is taken or no default value is | ||
2778 | * known). If 'ego' is non-NULL and if '*ctx' is set in those callbacks, the | ||
2779 | * value WILL be passed to a subsequent call to the identity callback of | ||
2780 | * 'GNUNET_IDENTITY_connect' (if that one was not NULL). | ||
2781 | * | ||
2782 | * When an identity is renamed, this function is called with the | ||
2783 | * (known) ego but the NEW identifier. | ||
2784 | * | ||
2785 | * When an identity is deleted, this function is called with the | ||
2786 | * (known) ego and "NULL" for the 'identifier'. In this case, | ||
2787 | * the 'ego' is henceforth invalid (and the 'ctx' should also be | ||
2788 | * cleaned up). | ||
2789 | * | ||
2790 | * @param cls closure | ||
2791 | * @param ego ego handle | ||
2792 | * @param ctx context for application to store data for this ego | ||
2793 | * (during the lifetime of this process, initially NULL) | ||
2794 | * @param identifier identifier assigned by the user for this ego, | ||
2795 | * NULL if the user just deleted the ego and it | ||
2796 | * must thus no longer be used | ||
2797 | */ | ||
2798 | static void | ||
2799 | list_ego (void *cls, | ||
2800 | struct GNUNET_IDENTITY_Ego *ego, | ||
2801 | void **ctx, | ||
2802 | const char *identifier) | ||
2803 | { | ||
2804 | struct EgoEntry *ego_entry; | ||
2805 | struct GNUNET_CRYPTO_PublicKey pk; | ||
2806 | |||
2807 | if (NULL == ego) | ||
2808 | { | ||
2809 | state = ID_REST_STATE_POST_INIT; | ||
2810 | return; | ||
2811 | } | ||
2812 | if (ID_REST_STATE_INIT == state) | ||
2813 | |||
2814 | { | ||
2815 | ego_entry = GNUNET_new (struct EgoEntry); | ||
2816 | GNUNET_IDENTITY_ego_get_public_key (ego, &pk); | ||
2817 | ego_entry->keystring = GNUNET_CRYPTO_public_key_to_string (&pk); | ||
2818 | ego_entry->ego = ego; | ||
2819 | ego_entry->identifier = GNUNET_strdup (identifier); | ||
2820 | GNUNET_CONTAINER_DLL_insert_tail (ego_head, | ||
2821 | ego_tail, | ||
2822 | ego_entry); | ||
2823 | return; | ||
2824 | } | ||
2825 | /* Ego renamed or added */ | ||
2826 | if (identifier != NULL) | ||
2827 | { | ||
2828 | for (ego_entry = ego_head; NULL != ego_entry; | ||
2829 | ego_entry = ego_entry->next) | ||
2830 | { | ||
2831 | if (ego_entry->ego == ego) | ||
2832 | { | ||
2833 | /* Rename */ | ||
2834 | GNUNET_free (ego_entry->identifier); | ||
2835 | ego_entry->identifier = GNUNET_strdup (identifier); | ||
2836 | break; | ||
2837 | } | ||
2838 | } | ||
2839 | if (NULL == ego_entry) | ||
2840 | { | ||
2841 | /* Add */ | ||
2842 | ego_entry = GNUNET_new (struct EgoEntry); | ||
2843 | GNUNET_IDENTITY_ego_get_public_key (ego, &pk); | ||
2844 | ego_entry->keystring = GNUNET_CRYPTO_public_key_to_string (&pk); | ||
2845 | ego_entry->ego = ego; | ||
2846 | ego_entry->identifier = GNUNET_strdup (identifier); | ||
2847 | GNUNET_CONTAINER_DLL_insert_tail (ego_head, | ||
2848 | ego_tail, | ||
2849 | ego_entry); | ||
2850 | } | ||
2851 | } | ||
2852 | else | ||
2853 | { | ||
2854 | /* Delete */ | ||
2855 | for (ego_entry = ego_head; NULL != ego_entry; | ||
2856 | ego_entry = ego_entry->next) | ||
2857 | { | ||
2858 | if (ego_entry->ego == ego) | ||
2859 | break; | ||
2860 | } | ||
2861 | if (NULL == ego_entry) | ||
2862 | return; /* Not found */ | ||
2863 | |||
2864 | GNUNET_CONTAINER_DLL_remove (ego_head, | ||
2865 | ego_tail, | ||
2866 | ego_entry); | ||
2867 | GNUNET_free (ego_entry->identifier); | ||
2868 | GNUNET_free (ego_entry->keystring); | ||
2869 | GNUNET_free (ego_entry); | ||
2870 | return; | ||
2871 | } | ||
2872 | } | ||
2873 | |||
2874 | |||
2875 | static void | ||
2876 | oidc_config_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | ||
2877 | const char *url, | ||
2878 | void *cls) | ||
2879 | { | ||
2880 | json_t *oidc_config; | ||
2881 | json_t *auth_methods; | ||
2882 | json_t *sig_algs; | ||
2883 | json_t *scopes; | ||
2884 | json_t *response_types; | ||
2885 | json_t *sub_types; | ||
2886 | json_t *claim_types; | ||
2887 | char *oidc_config_str; | ||
2888 | struct MHD_Response *resp; | ||
2889 | struct RequestHandle *handle = cls; | ||
2890 | |||
2891 | oidc_config = json_object (); | ||
2892 | // FIXME get from config? | ||
2893 | json_object_set_new (oidc_config, | ||
2894 | "issuer", json_string ("http://localhost:7776")); | ||
2895 | json_object_set_new (oidc_config, | ||
2896 | "authorization_endpoint", | ||
2897 | json_string ("https://api.reclaim/openid/authorize")); | ||
2898 | json_object_set_new (oidc_config, | ||
2899 | "token_endpoint", | ||
2900 | json_string ("http://localhost:7776/openid/token")); | ||
2901 | auth_methods = json_array (); | ||
2902 | json_array_append_new (auth_methods, | ||
2903 | json_string ("client_secret_basic")); | ||
2904 | json_array_append_new (auth_methods, | ||
2905 | json_string ("client_secret_post")); | ||
2906 | json_object_set_new (oidc_config, | ||
2907 | "token_endpoint_auth_methods_supported", | ||
2908 | auth_methods); | ||
2909 | sig_algs = json_array (); | ||
2910 | json_array_append_new (sig_algs, | ||
2911 | json_string ("HS512")); | ||
2912 | json_array_append_new (sig_algs, | ||
2913 | json_string ("RS256")); | ||
2914 | json_object_set_new (oidc_config, | ||
2915 | "id_token_signing_alg_values_supported", | ||
2916 | sig_algs); | ||
2917 | json_object_set_new (oidc_config, | ||
2918 | "jwks_uri", | ||
2919 | json_string ("http://localhost:7776/jwks.json")); | ||
2920 | json_object_set_new (oidc_config, | ||
2921 | "userinfo_endpoint", | ||
2922 | json_string ("http://localhost:7776/openid/userinfo")); | ||
2923 | scopes = json_array (); | ||
2924 | json_array_append_new (scopes, | ||
2925 | json_string ("openid")); | ||
2926 | json_array_append_new (scopes, | ||
2927 | json_string ("profile")); | ||
2928 | json_array_append_new (scopes, | ||
2929 | json_string ("email")); | ||
2930 | json_array_append_new (scopes, | ||
2931 | json_string ("address")); | ||
2932 | json_array_append_new (scopes, | ||
2933 | json_string ("phone")); | ||
2934 | json_object_set_new (oidc_config, | ||
2935 | "scopes_supported", | ||
2936 | scopes); | ||
2937 | response_types = json_array (); | ||
2938 | json_array_append_new (response_types, | ||
2939 | json_string ("code")); | ||
2940 | json_object_set_new (oidc_config, | ||
2941 | "response_types_supported", | ||
2942 | response_types); | ||
2943 | sub_types = json_array (); | ||
2944 | json_array_append_new (sub_types, | ||
2945 | json_string ("public")); /* no pairwise support */ | ||
2946 | json_object_set_new (oidc_config, | ||
2947 | "subject_types_supported", | ||
2948 | sub_types); | ||
2949 | claim_types = json_array (); | ||
2950 | json_array_append_new (claim_types, | ||
2951 | json_string ("normal")); | ||
2952 | json_array_append_new (claim_types, | ||
2953 | json_string ("aggregated")); | ||
2954 | json_object_set_new (oidc_config, | ||
2955 | "claim_types_supported", | ||
2956 | claim_types); | ||
2957 | json_object_set_new (oidc_config, | ||
2958 | "claims_parameter_supported", | ||
2959 | json_boolean (1)); | ||
2960 | oidc_config_str = json_dumps (oidc_config, JSON_INDENT (1)); | ||
2961 | resp = GNUNET_REST_create_response (oidc_config_str); | ||
2962 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); | ||
2963 | json_decref (oidc_config); | ||
2964 | GNUNET_free (oidc_config_str); | ||
2965 | cleanup_handle (handle); | ||
2966 | } | ||
2967 | |||
2968 | |||
2969 | /** | ||
2970 | * Respond to OPTIONS request | ||
2971 | * | ||
2972 | * @param con_handle the connection handle | ||
2973 | * @param url the url | ||
2974 | * @param cls the RequestHandle | ||
2975 | */ | ||
2976 | static void | ||
2977 | oidc_config_cors (struct GNUNET_REST_RequestHandle *con_handle, | ||
2978 | const char *url, | ||
2979 | void *cls) | ||
2980 | { | ||
2981 | struct MHD_Response *resp; | ||
2982 | struct RequestHandle *handle = cls; | ||
2983 | |||
2984 | // For now, independent of path return all options | ||
2985 | resp = GNUNET_REST_create_response (NULL); | ||
2986 | GNUNET_assert (MHD_NO != | ||
2987 | MHD_add_response_header (resp, | ||
2988 | "Access-Control-Allow-Methods", | ||
2989 | allow_methods)); | ||
2990 | GNUNET_assert (MHD_NO != | ||
2991 | MHD_add_response_header (resp, | ||
2992 | "Access-Control-Allow-Origin", | ||
2993 | "*")); | ||
2994 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); | ||
2995 | cleanup_handle (handle); | ||
2996 | return; | ||
2997 | } | ||
2998 | |||
2999 | |||
3000 | static enum GNUNET_GenericReturnValue | ||
3001 | rest_identity_process_request (struct GNUNET_REST_RequestHandle *rest_handle, | ||
3002 | GNUNET_REST_ResultProcessor proc, | ||
3003 | void *proc_cls) | ||
3004 | { | ||
3005 | struct RequestHandle *handle = GNUNET_new (struct RequestHandle); | ||
3006 | struct GNUNET_REST_RequestHandlerError err; | ||
3007 | static const struct GNUNET_REST_RequestHandler handlers[] = | ||
3008 | { { MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_AUTHORIZE, &authorize_endpoint }, | ||
3009 | { MHD_HTTP_METHOD_POST, | ||
3010 | GNUNET_REST_API_NS_AUTHORIZE, &authorize_endpoint }, // url-encoded | ||
3011 | { MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_LOGIN, &login_cont }, | ||
3012 | { MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_TOKEN, &token_endpoint }, | ||
3013 | { MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_USERINFO, &userinfo_endpoint }, | ||
3014 | { MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_USERINFO, &userinfo_endpoint }, | ||
3015 | { MHD_HTTP_METHOD_GET, GNUNET_REST_API_JWKS, &jwks_endpoint }, | ||
3016 | { MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_OIDC_CONFIG, | ||
3017 | &oidc_config_endpoint }, | ||
3018 | { MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_OIDC_CONFIG, | ||
3019 | &oidc_config_cors }, | ||
3020 | { MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_OIDC, &options_cont }, | ||
3021 | GNUNET_REST_HANDLER_END }; | ||
3022 | |||
3023 | handle->oidc = GNUNET_new (struct OIDC_Variables); | ||
3024 | if (NULL == OIDC_cookie_jar_map) | ||
3025 | OIDC_cookie_jar_map = GNUNET_CONTAINER_multihashmap_create (10, | ||
3026 | GNUNET_NO); | ||
3027 | if (NULL == oidc_code_cache) | ||
3028 | oidc_code_cache = GNUNET_CONTAINER_multihashmap_create (10, | ||
3029 | GNUNET_NO); | ||
3030 | |||
3031 | handle->response_code = 0; | ||
3032 | handle->timeout = GNUNET_TIME_UNIT_FOREVER_REL; | ||
3033 | handle->proc_cls = proc_cls; | ||
3034 | handle->proc = proc; | ||
3035 | handle->rest_handle = rest_handle; | ||
3036 | handle->url = GNUNET_strdup (rest_handle->url); | ||
3037 | handle->timeout_task = | ||
3038 | GNUNET_SCHEDULER_add_delayed (handle->timeout, &do_timeout, handle); | ||
3039 | GNUNET_CONTAINER_DLL_insert (requests_head, | ||
3040 | requests_tail, | ||
3041 | handle); | ||
3042 | if (handle->url[strlen (handle->url) - 1] == '/') | ||
3043 | handle->url[strlen (handle->url) - 1] = '\0'; | ||
3044 | if (GNUNET_NO == | ||
3045 | GNUNET_REST_handle_request (handle->rest_handle, handlers, &err, handle)) | ||
3046 | return GNUNET_NO; | ||
3047 | |||
3048 | return GNUNET_YES; | ||
3049 | } | ||
3050 | |||
3051 | |||
3052 | /** | ||
3053 | * Entry point for the plugin. | ||
3054 | * | ||
3055 | * @param cls Config info | ||
3056 | * @return NULL on error, otherwise the plugin context | ||
3057 | */ | ||
3058 | void * | ||
3059 | libgnunet_plugin_rest_openid_connect_init (void *cls) | ||
3060 | { | ||
3061 | static struct Plugin plugin; | ||
3062 | struct GNUNET_REST_Plugin *api; | ||
3063 | |||
3064 | cfg = cls; | ||
3065 | if (NULL != plugin.cfg) | ||
3066 | return NULL; /* can only initialize once! */ | ||
3067 | memset (&plugin, 0, sizeof(struct Plugin)); | ||
3068 | plugin.cfg = cfg; | ||
3069 | api = GNUNET_new (struct GNUNET_REST_Plugin); | ||
3070 | api->cls = &plugin; | ||
3071 | api->name = GNUNET_REST_API_NS_OIDC; | ||
3072 | api->process_request = &rest_identity_process_request; | ||
3073 | identity_handle = GNUNET_IDENTITY_connect (cfg, &list_ego, NULL); | ||
3074 | gns_handle = GNUNET_GNS_connect (cfg); | ||
3075 | idp = GNUNET_RECLAIM_connect (cfg); | ||
3076 | if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_time (cfg, | ||
3077 | "reclaim-rest-plugin", | ||
3078 | "OIDC_USERINFO_CONSUME_TIMEOUT", | ||
3079 | &consume_timeout)) | ||
3080 | { | ||
3081 | consume_timeout = CONSUME_TIMEOUT; | ||
3082 | } | ||
3083 | |||
3084 | |||
3085 | state = ID_REST_STATE_INIT; | ||
3086 | GNUNET_asprintf (&allow_methods, | ||
3087 | "%s, %s, %s, %s, %s", | ||
3088 | MHD_HTTP_METHOD_GET, | ||
3089 | MHD_HTTP_METHOD_POST, | ||
3090 | MHD_HTTP_METHOD_PUT, | ||
3091 | MHD_HTTP_METHOD_DELETE, | ||
3092 | MHD_HTTP_METHOD_OPTIONS); | ||
3093 | |||
3094 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
3095 | _ ("OpenID Connect REST API initialized\n")); | ||
3096 | return api; | ||
3097 | } | ||
3098 | |||
3099 | |||
3100 | static int | ||
3101 | cleanup_hashmap (void *cls, const struct GNUNET_HashCode *key, void *value) | ||
3102 | { | ||
3103 | GNUNET_free (value); | ||
3104 | return GNUNET_YES; | ||
3105 | } | ||
3106 | |||
3107 | |||
3108 | /** | ||
3109 | * Exit point from the plugin. | ||
3110 | * | ||
3111 | * @param cls the plugin context (as returned by "init") | ||
3112 | * @return always NULL | ||
3113 | */ | ||
3114 | void * | ||
3115 | libgnunet_plugin_rest_openid_connect_done (void *cls) | ||
3116 | { | ||
3117 | struct GNUNET_REST_Plugin *api = cls; | ||
3118 | struct Plugin *plugin = api->cls; | ||
3119 | struct EgoEntry *ego_entry; | ||
3120 | |||
3121 | plugin->cfg = NULL; | ||
3122 | while (NULL != requests_head) | ||
3123 | cleanup_handle (requests_head); | ||
3124 | if (NULL != OIDC_cookie_jar_map) | ||
3125 | { | ||
3126 | GNUNET_CONTAINER_multihashmap_iterate (OIDC_cookie_jar_map, | ||
3127 | &cleanup_hashmap, | ||
3128 | NULL); | ||
3129 | GNUNET_CONTAINER_multihashmap_destroy (OIDC_cookie_jar_map); | ||
3130 | } | ||
3131 | if (NULL != oidc_code_cache) | ||
3132 | { | ||
3133 | GNUNET_CONTAINER_multihashmap_iterate (oidc_code_cache, | ||
3134 | &cleanup_hashmap, | ||
3135 | NULL); | ||
3136 | GNUNET_CONTAINER_multihashmap_destroy (oidc_code_cache); | ||
3137 | } | ||
3138 | |||
3139 | GNUNET_free (allow_methods); | ||
3140 | if (NULL != gns_handle) | ||
3141 | GNUNET_GNS_disconnect (gns_handle); | ||
3142 | if (NULL != identity_handle) | ||
3143 | GNUNET_IDENTITY_disconnect (identity_handle); | ||
3144 | if (NULL != idp) | ||
3145 | GNUNET_RECLAIM_disconnect (idp); | ||
3146 | while (NULL != (ego_entry = ego_head)) | ||
3147 | { | ||
3148 | GNUNET_CONTAINER_DLL_remove (ego_head, | ||
3149 | ego_tail, | ||
3150 | ego_entry); | ||
3151 | GNUNET_free (ego_entry->identifier); | ||
3152 | GNUNET_free (ego_entry->keystring); | ||
3153 | GNUNET_free (ego_entry); | ||
3154 | } | ||
3155 | GNUNET_free (api); | ||
3156 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
3157 | "OpenID Connect REST plugin is finished\n"); | ||
3158 | return NULL; | ||
3159 | } | ||
3160 | |||
3161 | |||
3162 | /* end of plugin_rest_openid_connect.c */ | ||
diff --git a/src/reclaim/plugin_rest_pabc.c b/src/reclaim/plugin_rest_pabc.c deleted file mode 100644 index 4b7d21df3..000000000 --- a/src/reclaim/plugin_rest_pabc.c +++ /dev/null | |||
@@ -1,667 +0,0 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet. | ||
3 | Copyright (C) 2012-2015 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software: you can redistribute it and/or modify it | ||
6 | under the terms of the GNU Affero General Public License as published | ||
7 | by the Free Software Foundation, either version 3 of the License, | ||
8 | or (at your option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | Affero General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU Affero General Public License | ||
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
17 | |||
18 | SPDX-License-Identifier: AGPL3.0-or-later | ||
19 | */ | ||
20 | /** | ||
21 | * @author Martin Schanzenbach | ||
22 | * @file reclaim/plugin_rest_pabc.c | ||
23 | * @brief GNUnet pabc REST plugin | ||
24 | * | ||
25 | */ | ||
26 | #include "platform.h" | ||
27 | #include "microhttpd.h" | ||
28 | #include <inttypes.h> | ||
29 | #include <jansson.h> | ||
30 | #include <pabc/pabc.h> | ||
31 | #include "gnunet_reclaim_lib.h" | ||
32 | #include "gnunet_reclaim_service.h" | ||
33 | #include "gnunet_rest_lib.h" | ||
34 | #include "gnunet_rest_plugin.h" | ||
35 | #include "gnunet_signatures.h" | ||
36 | #include "pabc_helper.h" | ||
37 | |||
38 | /** | ||
39 | * REST root namespace | ||
40 | */ | ||
41 | #define GNUNET_REST_API_NS_PABC "/pabc" | ||
42 | |||
43 | /** | ||
44 | * Credential request endpoint | ||
45 | */ | ||
46 | #define GNUNET_REST_API_NS_PABC_CR "/pabc/cr" | ||
47 | |||
48 | /** | ||
49 | * The configuration handle | ||
50 | */ | ||
51 | const struct GNUNET_CONFIGURATION_Handle *cfg; | ||
52 | |||
53 | /** | ||
54 | * HTTP methods allows for this plugin | ||
55 | */ | ||
56 | static char *allow_methods; | ||
57 | |||
58 | /** | ||
59 | * @brief struct returned by the initialization function of the plugin | ||
60 | */ | ||
61 | struct Plugin | ||
62 | { | ||
63 | const struct GNUNET_CONFIGURATION_Handle *cfg; | ||
64 | }; | ||
65 | |||
66 | |||
67 | struct RequestHandle | ||
68 | { | ||
69 | /** | ||
70 | * DLL | ||
71 | */ | ||
72 | struct RequestHandle *next; | ||
73 | |||
74 | /** | ||
75 | * DLL | ||
76 | */ | ||
77 | struct RequestHandle *prev; | ||
78 | |||
79 | /** | ||
80 | * Rest connection | ||
81 | */ | ||
82 | struct GNUNET_REST_RequestHandle *rest_handle; | ||
83 | |||
84 | /** | ||
85 | * Desired timeout for the lookup (default is no timeout). | ||
86 | */ | ||
87 | struct GNUNET_TIME_Relative timeout; | ||
88 | |||
89 | /** | ||
90 | * ID of a task associated with the resolution process. | ||
91 | */ | ||
92 | struct GNUNET_SCHEDULER_Task *timeout_task; | ||
93 | |||
94 | /** | ||
95 | * The plugin result processor | ||
96 | */ | ||
97 | GNUNET_REST_ResultProcessor proc; | ||
98 | |||
99 | /** | ||
100 | * The closure of the result processor | ||
101 | */ | ||
102 | void *proc_cls; | ||
103 | |||
104 | /** | ||
105 | * The url | ||
106 | */ | ||
107 | char *url; | ||
108 | |||
109 | /** | ||
110 | * Error response message | ||
111 | */ | ||
112 | char *emsg; | ||
113 | |||
114 | /** | ||
115 | * Response code | ||
116 | */ | ||
117 | int response_code; | ||
118 | |||
119 | /** | ||
120 | * Response object | ||
121 | */ | ||
122 | json_t *resp_object; | ||
123 | }; | ||
124 | |||
125 | /** | ||
126 | * DLL | ||
127 | */ | ||
128 | static struct RequestHandle *requests_head; | ||
129 | |||
130 | /** | ||
131 | * DLL | ||
132 | */ | ||
133 | static struct RequestHandle *requests_tail; | ||
134 | |||
135 | |||
136 | /** | ||
137 | * Cleanup lookup handle | ||
138 | * @param handle Handle to clean up | ||
139 | */ | ||
140 | static void | ||
141 | cleanup_handle (void *cls) | ||
142 | { | ||
143 | struct RequestHandle *handle = cls; | ||
144 | |||
145 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Cleaning up\n"); | ||
146 | if (NULL != handle->resp_object) | ||
147 | json_decref (handle->resp_object); | ||
148 | if (NULL != handle->timeout_task) | ||
149 | GNUNET_SCHEDULER_cancel (handle->timeout_task); | ||
150 | if (NULL != handle->url) | ||
151 | GNUNET_free (handle->url); | ||
152 | if (NULL != handle->emsg) | ||
153 | GNUNET_free (handle->emsg); | ||
154 | GNUNET_CONTAINER_DLL_remove (requests_head, | ||
155 | requests_tail, | ||
156 | handle); | ||
157 | GNUNET_free (handle); | ||
158 | } | ||
159 | |||
160 | |||
161 | /** | ||
162 | * Task run on error, sends error message. Cleans up everything. | ||
163 | * | ||
164 | * @param cls the `struct RequestHandle` | ||
165 | */ | ||
166 | static void | ||
167 | do_error (void *cls) | ||
168 | { | ||
169 | struct RequestHandle *handle = cls; | ||
170 | struct MHD_Response *resp; | ||
171 | char *json_error; | ||
172 | |||
173 | GNUNET_asprintf (&json_error, "{ \"error\" : \"%s\" }", handle->emsg); | ||
174 | if (0 == handle->response_code) | ||
175 | { | ||
176 | handle->response_code = MHD_HTTP_BAD_REQUEST; | ||
177 | } | ||
178 | resp = GNUNET_REST_create_response (json_error); | ||
179 | MHD_add_response_header (resp, "Content-Type", "application/json"); | ||
180 | handle->proc (handle->proc_cls, resp, handle->response_code); | ||
181 | cleanup_handle (handle); | ||
182 | GNUNET_free (json_error); | ||
183 | } | ||
184 | |||
185 | |||
186 | /** | ||
187 | * Task run on timeout, sends error message. Cleans up everything. | ||
188 | * | ||
189 | * @param cls the `struct RequestHandle` | ||
190 | */ | ||
191 | static void | ||
192 | do_timeout (void *cls) | ||
193 | { | ||
194 | struct RequestHandle *handle = cls; | ||
195 | |||
196 | handle->timeout_task = NULL; | ||
197 | do_error (handle); | ||
198 | } | ||
199 | |||
200 | |||
201 | static void | ||
202 | return_response (void *cls) | ||
203 | { | ||
204 | char *result_str; | ||
205 | struct RequestHandle *handle = cls; | ||
206 | struct MHD_Response *resp; | ||
207 | |||
208 | result_str = json_dumps (handle->resp_object, 0); | ||
209 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Result %s\n", result_str); | ||
210 | resp = GNUNET_REST_create_response (result_str); | ||
211 | MHD_add_response_header (resp, "Access-Control-Allow-Methods", allow_methods); | ||
212 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); | ||
213 | GNUNET_free (result_str); | ||
214 | cleanup_handle (handle); | ||
215 | } | ||
216 | |||
217 | |||
218 | static enum pabc_status | ||
219 | set_attributes_from_idtoken (const struct pabc_context *ctx, | ||
220 | const struct pabc_public_parameters *pp, | ||
221 | struct pabc_user_context *usr_ctx, | ||
222 | const char *id_token) | ||
223 | { | ||
224 | json_t *payload_json; | ||
225 | json_t *value; | ||
226 | json_error_t json_err; | ||
227 | const char *key; | ||
228 | const char *jwt_body; | ||
229 | char *decoded_jwt; | ||
230 | char delim[] = "."; | ||
231 | char *jwt_string; | ||
232 | const char *pabc_key; | ||
233 | enum pabc_status status; | ||
234 | |||
235 | // FIXME parse JWT | ||
236 | jwt_string = GNUNET_strndup (id_token, strlen (id_token)); | ||
237 | jwt_body = strtok (jwt_string, delim); | ||
238 | jwt_body = strtok (NULL, delim); | ||
239 | GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body), | ||
240 | (void **) &decoded_jwt); | ||
241 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Decoded ID Token: %s\n", decoded_jwt); | ||
242 | payload_json = json_loads (decoded_jwt, JSON_DECODE_ANY, &json_err); | ||
243 | GNUNET_free (decoded_jwt); | ||
244 | |||
245 | json_object_foreach (payload_json, key, value) | ||
246 | { | ||
247 | pabc_key = key; | ||
248 | if (0 == strcmp ("iss", key)) | ||
249 | pabc_key = "issuer"; // rename | ||
250 | if (0 == strcmp ("sub", key)) | ||
251 | pabc_key = "subject"; // rename | ||
252 | if (0 == strcmp ("jti", key)) | ||
253 | continue; | ||
254 | if (0 == strcmp ("exp", key)) | ||
255 | pabc_key = "expiration"; // rename | ||
256 | if (0 == strcmp ("iat", key)) | ||
257 | continue; | ||
258 | if (0 == strcmp ("nbf", key)) | ||
259 | continue; | ||
260 | if (0 == strcmp ("aud", key)) | ||
261 | continue; | ||
262 | char *tmp_val; | ||
263 | if (json_is_string (value)) | ||
264 | tmp_val = GNUNET_strdup (json_string_value (value)); | ||
265 | else | ||
266 | tmp_val = json_dumps (value, JSON_ENCODE_ANY); | ||
267 | if (NULL == tmp_val) | ||
268 | { | ||
269 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
270 | "Unable to encode JSON value for `%s'\n", key); | ||
271 | continue; | ||
272 | } | ||
273 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
274 | "Setting `%s' to `%s'\n", key, tmp_val); | ||
275 | status = pabc_set_attribute_value_by_name (ctx, pp, usr_ctx, | ||
276 | pabc_key, | ||
277 | tmp_val); | ||
278 | GNUNET_free (tmp_val); | ||
279 | if (PABC_OK != status) | ||
280 | { | ||
281 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
282 | "Failed to set attribute `%s'.\n", key); | ||
283 | } | ||
284 | } | ||
285 | GNUNET_free (jwt_string); | ||
286 | return PABC_OK; | ||
287 | } | ||
288 | |||
289 | |||
290 | static enum GNUNET_GenericReturnValue | ||
291 | setup_new_user_context (struct pabc_context *ctx, | ||
292 | struct pabc_public_parameters *pp, | ||
293 | struct pabc_user_context **usr_ctx) | ||
294 | { | ||
295 | if (PABC_OK != pabc_new_user_context (ctx, pp, usr_ctx)) | ||
296 | return GNUNET_SYSERR; | ||
297 | |||
298 | if (PABC_OK != pabc_populate_user_context (ctx, *usr_ctx)) | ||
299 | { | ||
300 | pabc_free_user_context (ctx, pp, usr_ctx); | ||
301 | return GNUNET_SYSERR; | ||
302 | } | ||
303 | return GNUNET_OK; | ||
304 | } | ||
305 | |||
306 | |||
307 | static void | ||
308 | cr_cont (struct GNUNET_REST_RequestHandle *con_handle, | ||
309 | const char *url, | ||
310 | void *cls) | ||
311 | { | ||
312 | struct RequestHandle *handle = cls; | ||
313 | char term_data[handle->rest_handle->data_size + 1]; | ||
314 | char *response_str; | ||
315 | json_t *data_json; | ||
316 | json_t *nonce_json; | ||
317 | json_t *pp_json; | ||
318 | json_t *idtoken_json; | ||
319 | json_t *iss_json; | ||
320 | json_t *identity_json; | ||
321 | json_error_t err; | ||
322 | struct pabc_public_parameters *pp = NULL; | ||
323 | struct pabc_context *ctx = NULL; | ||
324 | struct pabc_user_context *usr_ctx = NULL; | ||
325 | struct pabc_credential_request *cr = NULL; | ||
326 | struct pabc_nonce *nonce = NULL; | ||
327 | enum pabc_status status; | ||
328 | |||
329 | |||
330 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
331 | "Credential request...\n"); | ||
332 | |||
333 | if (0 >= handle->rest_handle->data_size) | ||
334 | { | ||
335 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
336 | return; | ||
337 | } | ||
338 | |||
339 | term_data[handle->rest_handle->data_size] = '\0'; | ||
340 | GNUNET_memcpy (term_data, | ||
341 | handle->rest_handle->data, | ||
342 | handle->rest_handle->data_size); | ||
343 | data_json = json_loads (term_data, JSON_DECODE_ANY, &err); | ||
344 | if (NULL == data_json) | ||
345 | { | ||
346 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
347 | "Unable to parse %s\n", term_data); | ||
348 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
349 | return; | ||
350 | } | ||
351 | if (! json_is_object (data_json)) | ||
352 | { | ||
353 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
354 | "Unable to parse %s\n", term_data); | ||
355 | json_decref (data_json); | ||
356 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
357 | return; | ||
358 | } | ||
359 | |||
360 | nonce_json = json_object_get (data_json, "nonce"); | ||
361 | if (NULL == nonce_json) | ||
362 | { | ||
363 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
364 | "Unable to parse nonce\n"); | ||
365 | json_decref (data_json); | ||
366 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
367 | return; | ||
368 | } | ||
369 | iss_json = json_object_get (data_json, "issuer"); | ||
370 | if (NULL == iss_json) | ||
371 | { | ||
372 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
373 | "Unable to parse issuer\n"); | ||
374 | json_decref (data_json); | ||
375 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
376 | return; | ||
377 | } | ||
378 | identity_json = json_object_get (data_json, "identity"); | ||
379 | if (NULL == identity_json) | ||
380 | { | ||
381 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
382 | "Unable to parse identity\n"); | ||
383 | json_decref (data_json); | ||
384 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
385 | return; | ||
386 | } | ||
387 | idtoken_json = json_object_get (data_json, "id_token"); | ||
388 | if (NULL == idtoken_json) | ||
389 | { | ||
390 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
391 | "Unable to parse id_token\n"); | ||
392 | json_decref (data_json); | ||
393 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
394 | return; | ||
395 | } | ||
396 | pp_json = json_object_get (data_json, "public_params"); | ||
397 | if (NULL == pp_json) | ||
398 | { | ||
399 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
400 | "Unable to parse public parameters\n"); | ||
401 | json_decref (data_json); | ||
402 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
403 | return; | ||
404 | } | ||
405 | |||
406 | PABC_ASSERT (pabc_new_ctx (&ctx)); | ||
407 | char *pp_str = json_dumps (pp_json, JSON_ENCODE_ANY); | ||
408 | status = pabc_decode_and_new_public_parameters (ctx, | ||
409 | &pp, | ||
410 | pp_str); | ||
411 | char *ppid; | ||
412 | GNUNET_assert (PABC_OK == pabc_cred_get_ppid_from_pp (pp_str, &ppid)); | ||
413 | GNUNET_free (pp_str); | ||
414 | if (status != PABC_OK) | ||
415 | { | ||
416 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
417 | "Failed to read public parameters: %s\n", | ||
418 | pp_str); | ||
419 | json_decref (data_json); | ||
420 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
421 | return; | ||
422 | } | ||
423 | // (Over)write parameters | ||
424 | status = PABC_write_public_parameters (json_string_value (iss_json), | ||
425 | pp); | ||
426 | if (status != PABC_OK) | ||
427 | { | ||
428 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
429 | "Failed to write public parameters.\n"); | ||
430 | json_decref (data_json); | ||
431 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
432 | return; | ||
433 | } | ||
434 | status = PABC_read_usr_ctx (json_string_value (identity_json), | ||
435 | json_string_value (iss_json), | ||
436 | ctx, pp, &usr_ctx); | ||
437 | if (PABC_OK != status) | ||
438 | { | ||
439 | if (GNUNET_OK != setup_new_user_context (ctx, pp, &usr_ctx)) | ||
440 | { | ||
441 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to setup user context.\n"); | ||
442 | pabc_free_public_parameters (ctx, &pp); | ||
443 | json_decref (data_json); | ||
444 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
445 | return; | ||
446 | } | ||
447 | PABC_write_usr_ctx (json_string_value (identity_json), | ||
448 | json_string_value (iss_json), | ||
449 | ctx, pp, usr_ctx); | ||
450 | } | ||
451 | |||
452 | // Set attributes from JWT to context | ||
453 | status = set_attributes_from_idtoken (ctx, | ||
454 | pp, | ||
455 | usr_ctx, | ||
456 | json_string_value (idtoken_json)); | ||
457 | if (status != PABC_OK) | ||
458 | { | ||
459 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to set attributes.\n"); | ||
460 | pabc_free_user_context (ctx, pp, &usr_ctx); | ||
461 | pabc_free_public_parameters (ctx, &pp); | ||
462 | json_decref (data_json); | ||
463 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
464 | return; | ||
465 | } | ||
466 | |||
467 | |||
468 | // nonce | ||
469 | status = pabc_new_nonce (ctx, &nonce); | ||
470 | if (status != PABC_OK) | ||
471 | { | ||
472 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to allocate nonce.\n"); | ||
473 | pabc_free_user_context (ctx, pp, &usr_ctx); | ||
474 | pabc_free_public_parameters (ctx, &pp); | ||
475 | json_decref (data_json); | ||
476 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
477 | return; | ||
478 | } | ||
479 | char *nonce_str = json_dumps (nonce_json, JSON_ENCODE_ANY); | ||
480 | status = pabc_decode_nonce (ctx, nonce, nonce_str); | ||
481 | if (status != PABC_OK) | ||
482 | { | ||
483 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to decode nonce.\n"); | ||
484 | pabc_free_nonce (ctx, &nonce); | ||
485 | pabc_free_user_context (ctx, pp, &usr_ctx); | ||
486 | pabc_free_public_parameters (ctx, &pp); | ||
487 | json_decref (data_json); | ||
488 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
489 | return; | ||
490 | } | ||
491 | |||
492 | // cr | ||
493 | status = pabc_new_credential_request (ctx, pp, &cr); | ||
494 | if (PABC_OK != status) | ||
495 | { | ||
496 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to allocate cr.\n"); | ||
497 | pabc_free_nonce (ctx, &nonce); | ||
498 | pabc_free_user_context (ctx, pp, &usr_ctx); | ||
499 | pabc_free_public_parameters (ctx, &pp); | ||
500 | json_decref (data_json); | ||
501 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
502 | return; | ||
503 | } | ||
504 | |||
505 | status = pabc_gen_credential_request (ctx, pp, usr_ctx, nonce, cr); | ||
506 | if (PABC_OK != status) | ||
507 | { | ||
508 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to generate cr.\n"); | ||
509 | pabc_free_nonce (ctx, &nonce); | ||
510 | pabc_free_credential_request (ctx, pp, &cr); | ||
511 | pabc_free_user_context (ctx, pp, &usr_ctx); | ||
512 | pabc_free_public_parameters (ctx, &pp); | ||
513 | json_decref (data_json); | ||
514 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
515 | return; | ||
516 | } | ||
517 | handle->resp_object = json_object (); | ||
518 | GNUNET_assert (PABC_OK == pabc_cred_encode_cr (ctx, pp, cr, | ||
519 | json_string_value ( | ||
520 | identity_json), | ||
521 | ppid, &response_str)); | ||
522 | if (PABC_OK != status) | ||
523 | { | ||
524 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to serialize cr.\n"); | ||
525 | pabc_free_nonce (ctx, &nonce); | ||
526 | pabc_free_credential_request (ctx, pp, &cr); | ||
527 | pabc_free_user_context (ctx, pp, &usr_ctx); | ||
528 | pabc_free_public_parameters (ctx, &pp); | ||
529 | json_decref (data_json); | ||
530 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
531 | return; | ||
532 | } | ||
533 | json_decref (handle->resp_object); | ||
534 | handle->resp_object = json_loads (response_str, JSON_DECODE_ANY, &err); | ||
535 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "%s\n", response_str); | ||
536 | GNUNET_free (response_str); | ||
537 | |||
538 | // clean up | ||
539 | pabc_free_nonce (ctx, &nonce); | ||
540 | pabc_free_credential_request (ctx, pp, &cr); | ||
541 | pabc_free_user_context (ctx, pp, &usr_ctx); | ||
542 | pabc_free_public_parameters (ctx, &pp); | ||
543 | GNUNET_SCHEDULER_add_now (&return_response, handle); | ||
544 | json_decref (data_json); | ||
545 | } | ||
546 | |||
547 | |||
548 | /** | ||
549 | * Respond to OPTIONS request | ||
550 | * | ||
551 | * @param con_handle the connection handle | ||
552 | * @param url the url | ||
553 | * @param cls the RequestHandle | ||
554 | */ | ||
555 | static void | ||
556 | options_cont (struct GNUNET_REST_RequestHandle *con_handle, | ||
557 | const char *url, | ||
558 | void *cls) | ||
559 | { | ||
560 | struct MHD_Response *resp; | ||
561 | struct RequestHandle *handle = cls; | ||
562 | |||
563 | // For now, independent of path return all options | ||
564 | resp = GNUNET_REST_create_response (NULL); | ||
565 | MHD_add_response_header (resp, "Access-Control-Allow-Methods", allow_methods); | ||
566 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); | ||
567 | cleanup_handle (handle); | ||
568 | return; | ||
569 | } | ||
570 | |||
571 | |||
572 | static enum GNUNET_GenericReturnValue | ||
573 | rest_identity_process_request (struct GNUNET_REST_RequestHandle *rest_handle, | ||
574 | GNUNET_REST_ResultProcessor proc, | ||
575 | void *proc_cls) | ||
576 | { | ||
577 | struct RequestHandle *handle = GNUNET_new (struct RequestHandle); | ||
578 | struct GNUNET_REST_RequestHandlerError err; | ||
579 | static const struct GNUNET_REST_RequestHandler handlers[] = { | ||
580 | {MHD_HTTP_METHOD_POST, | ||
581 | GNUNET_REST_API_NS_PABC_CR, &cr_cont }, | ||
582 | { MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_PABC, &options_cont }, | ||
583 | GNUNET_REST_HANDLER_END | ||
584 | }; | ||
585 | |||
586 | handle->response_code = 0; | ||
587 | handle->timeout = GNUNET_TIME_UNIT_FOREVER_REL; | ||
588 | handle->proc_cls = proc_cls; | ||
589 | handle->proc = proc; | ||
590 | handle->rest_handle = rest_handle; | ||
591 | |||
592 | handle->url = GNUNET_strdup (rest_handle->url); | ||
593 | if (handle->url[strlen (handle->url) - 1] == '/') | ||
594 | handle->url[strlen (handle->url) - 1] = '\0'; | ||
595 | handle->timeout_task = | ||
596 | GNUNET_SCHEDULER_add_delayed (handle->timeout, &do_timeout, handle); | ||
597 | GNUNET_CONTAINER_DLL_insert (requests_head, | ||
598 | requests_tail, | ||
599 | handle); | ||
600 | if (GNUNET_NO == | ||
601 | GNUNET_REST_handle_request (handle->rest_handle, handlers, &err, handle)) | ||
602 | { | ||
603 | cleanup_handle (handle); | ||
604 | return GNUNET_NO; | ||
605 | } | ||
606 | |||
607 | return GNUNET_YES; | ||
608 | } | ||
609 | |||
610 | |||
611 | /** | ||
612 | * Entry point for the plugin. | ||
613 | * | ||
614 | * @param cls Config info | ||
615 | * @return NULL on error, otherwise the plugin context | ||
616 | */ | ||
617 | void * | ||
618 | libgnunet_plugin_rest_pabc_init (void *cls) | ||
619 | { | ||
620 | static struct Plugin plugin; | ||
621 | struct GNUNET_REST_Plugin *api; | ||
622 | |||
623 | cfg = cls; | ||
624 | if (NULL != plugin.cfg) | ||
625 | return NULL; /* can only initialize once! */ | ||
626 | memset (&plugin, 0, sizeof(struct Plugin)); | ||
627 | plugin.cfg = cfg; | ||
628 | api = GNUNET_new (struct GNUNET_REST_Plugin); | ||
629 | api->cls = &plugin; | ||
630 | api->name = GNUNET_REST_API_NS_PABC; | ||
631 | api->process_request = &rest_identity_process_request; | ||
632 | GNUNET_asprintf (&allow_methods, | ||
633 | "%s, %s", | ||
634 | MHD_HTTP_METHOD_POST, | ||
635 | MHD_HTTP_METHOD_OPTIONS); | ||
636 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
637 | _ ("Identity Provider REST API initialized\n")); | ||
638 | return api; | ||
639 | } | ||
640 | |||
641 | |||
642 | /** | ||
643 | * Exit point from the plugin. | ||
644 | * | ||
645 | * @param cls the plugin context (as returned by "init") | ||
646 | * @return always NULL | ||
647 | */ | ||
648 | void * | ||
649 | libgnunet_plugin_rest_reclaim_done (void *cls) | ||
650 | { | ||
651 | struct GNUNET_REST_Plugin *api = cls; | ||
652 | struct Plugin *plugin = api->cls; | ||
653 | struct RequestHandle *request; | ||
654 | |||
655 | plugin->cfg = NULL; | ||
656 | while (NULL != (request = requests_head)) | ||
657 | do_error (request); | ||
658 | |||
659 | GNUNET_free (allow_methods); | ||
660 | GNUNET_free (api); | ||
661 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
662 | "PABC REST plugin is finished\n"); | ||
663 | return NULL; | ||
664 | } | ||
665 | |||
666 | |||
667 | /* end of plugin_rest_reclaim.c */ | ||
diff --git a/src/reclaim/plugin_rest_reclaim.c b/src/reclaim/plugin_rest_reclaim.c deleted file mode 100644 index b2586109a..000000000 --- a/src/reclaim/plugin_rest_reclaim.c +++ /dev/null | |||
@@ -1,1564 +0,0 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet. | ||
3 | Copyright (C) 2012-2015 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software: you can redistribute it and/or modify it | ||
6 | under the terms of the GNU Affero General Public License as published | ||
7 | by the Free Software Foundation, either version 3 of the License, | ||
8 | or (at your option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | Affero General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU Affero General Public License | ||
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
17 | |||
18 | SPDX-License-Identifier: AGPL3.0-or-later | ||
19 | */ | ||
20 | /** | ||
21 | * @author Martin Schanzenbach | ||
22 | * @author Philippe Buschmann | ||
23 | * @file reclaim/plugin_rest_reclaim.c | ||
24 | * @brief GNUnet reclaim REST plugin | ||
25 | * | ||
26 | */ | ||
27 | #include "platform.h" | ||
28 | #include "microhttpd.h" | ||
29 | #include <inttypes.h> | ||
30 | #include <jansson.h> | ||
31 | #include "gnunet_gns_service.h" | ||
32 | #include "gnunet_gnsrecord_lib.h" | ||
33 | #include "gnunet_identity_service.h" | ||
34 | #include "gnunet_reclaim_lib.h" | ||
35 | #include "gnunet_reclaim_service.h" | ||
36 | #include "gnunet_rest_lib.h" | ||
37 | #include "gnunet_rest_plugin.h" | ||
38 | #include "gnunet_signatures.h" | ||
39 | #include "json_reclaim.h" | ||
40 | /** | ||
41 | * REST root namespace | ||
42 | */ | ||
43 | #define GNUNET_REST_API_NS_RECLAIM "/reclaim" | ||
44 | |||
45 | /** | ||
46 | * Attribute namespace | ||
47 | */ | ||
48 | #define GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES "/reclaim/attributes" | ||
49 | |||
50 | /** | ||
51 | * Credential namespace | ||
52 | */ | ||
53 | #define GNUNET_REST_API_NS_RECLAIM_CREDENTIAL "/reclaim/credential" | ||
54 | |||
55 | /** | ||
56 | * Ticket namespace | ||
57 | */ | ||
58 | #define GNUNET_REST_API_NS_IDENTITY_TICKETS "/reclaim/tickets" | ||
59 | |||
60 | /** | ||
61 | * Revoke namespace | ||
62 | */ | ||
63 | #define GNUNET_REST_API_NS_IDENTITY_REVOKE "/reclaim/revoke" | ||
64 | |||
65 | /** | ||
66 | * Revoke namespace | ||
67 | */ | ||
68 | #define GNUNET_REST_API_NS_IDENTITY_CONSUME "/reclaim/consume" | ||
69 | |||
70 | /** | ||
71 | * State while collecting all egos | ||
72 | */ | ||
73 | #define ID_REST_STATE_INIT 0 | ||
74 | |||
75 | /** | ||
76 | * Done collecting egos | ||
77 | */ | ||
78 | #define ID_REST_STATE_POST_INIT 1 | ||
79 | |||
80 | /** | ||
81 | * The configuration handle | ||
82 | */ | ||
83 | const struct GNUNET_CONFIGURATION_Handle *cfg; | ||
84 | |||
85 | /** | ||
86 | * HTTP methods allows for this plugin | ||
87 | */ | ||
88 | static char *allow_methods; | ||
89 | |||
90 | /** | ||
91 | * Ego list | ||
92 | */ | ||
93 | static struct EgoEntry *ego_head; | ||
94 | |||
95 | /** | ||
96 | * Ego list | ||
97 | */ | ||
98 | static struct EgoEntry *ego_tail; | ||
99 | |||
100 | /** | ||
101 | * The processing state | ||
102 | */ | ||
103 | static int state; | ||
104 | |||
105 | /** | ||
106 | * Handle to Identity service. | ||
107 | */ | ||
108 | static struct GNUNET_IDENTITY_Handle *identity_handle; | ||
109 | |||
110 | /** | ||
111 | * Identity Provider | ||
112 | */ | ||
113 | static struct GNUNET_RECLAIM_Handle *idp; | ||
114 | |||
115 | /** | ||
116 | * @brief struct returned by the initialization function of the plugin | ||
117 | */ | ||
118 | struct Plugin | ||
119 | { | ||
120 | const struct GNUNET_CONFIGURATION_Handle *cfg; | ||
121 | }; | ||
122 | |||
123 | /** | ||
124 | * The ego list | ||
125 | */ | ||
126 | struct EgoEntry | ||
127 | { | ||
128 | /** | ||
129 | * DLL | ||
130 | */ | ||
131 | struct EgoEntry *next; | ||
132 | |||
133 | /** | ||
134 | * DLL | ||
135 | */ | ||
136 | struct EgoEntry *prev; | ||
137 | |||
138 | /** | ||
139 | * Ego Identifier | ||
140 | */ | ||
141 | char *identifier; | ||
142 | |||
143 | /** | ||
144 | * Public key string | ||
145 | */ | ||
146 | char *keystring; | ||
147 | |||
148 | /** | ||
149 | * The Ego | ||
150 | */ | ||
151 | struct GNUNET_IDENTITY_Ego *ego; | ||
152 | }; | ||
153 | |||
154 | |||
155 | struct RequestHandle | ||
156 | { | ||
157 | /** | ||
158 | * DLL | ||
159 | */ | ||
160 | struct RequestHandle *next; | ||
161 | |||
162 | /** | ||
163 | * DLL | ||
164 | */ | ||
165 | struct RequestHandle *prev; | ||
166 | |||
167 | /** | ||
168 | * Selected ego | ||
169 | */ | ||
170 | struct EgoEntry *ego_entry; | ||
171 | |||
172 | /** | ||
173 | * Pointer to ego private key | ||
174 | */ | ||
175 | struct GNUNET_CRYPTO_PrivateKey priv_key; | ||
176 | |||
177 | /** | ||
178 | * Rest connection | ||
179 | */ | ||
180 | struct GNUNET_REST_RequestHandle *rest_handle; | ||
181 | |||
182 | /** | ||
183 | * Attribute claim list | ||
184 | */ | ||
185 | struct GNUNET_RECLAIM_AttributeList *attr_list; | ||
186 | |||
187 | /** | ||
188 | * IDENTITY Operation | ||
189 | */ | ||
190 | struct GNUNET_IDENTITY_Operation *op; | ||
191 | |||
192 | /** | ||
193 | * Idp Operation | ||
194 | */ | ||
195 | struct GNUNET_RECLAIM_Operation *idp_op; | ||
196 | |||
197 | /** | ||
198 | * Attribute iterator | ||
199 | */ | ||
200 | struct GNUNET_RECLAIM_AttributeIterator *attr_it; | ||
201 | |||
202 | /** | ||
203 | * Attribute iterator | ||
204 | */ | ||
205 | struct GNUNET_RECLAIM_CredentialIterator *cred_it; | ||
206 | |||
207 | /** | ||
208 | * Ticket iterator | ||
209 | */ | ||
210 | struct GNUNET_RECLAIM_TicketIterator *ticket_it; | ||
211 | |||
212 | /** | ||
213 | * A ticket | ||
214 | */ | ||
215 | struct GNUNET_RECLAIM_Ticket ticket; | ||
216 | |||
217 | /** | ||
218 | * Desired timeout for the lookup (default is no timeout). | ||
219 | */ | ||
220 | struct GNUNET_TIME_Relative timeout; | ||
221 | |||
222 | /** | ||
223 | * ID of a task associated with the resolution process. | ||
224 | */ | ||
225 | struct GNUNET_SCHEDULER_Task *timeout_task; | ||
226 | |||
227 | /** | ||
228 | * The plugin result processor | ||
229 | */ | ||
230 | GNUNET_REST_ResultProcessor proc; | ||
231 | |||
232 | /** | ||
233 | * The closure of the result processor | ||
234 | */ | ||
235 | void *proc_cls; | ||
236 | |||
237 | /** | ||
238 | * The url | ||
239 | */ | ||
240 | char *url; | ||
241 | |||
242 | /** | ||
243 | * Error response message | ||
244 | */ | ||
245 | char *emsg; | ||
246 | |||
247 | /** | ||
248 | * Response code | ||
249 | */ | ||
250 | int response_code; | ||
251 | |||
252 | /** | ||
253 | * Response object | ||
254 | */ | ||
255 | json_t *resp_object; | ||
256 | }; | ||
257 | |||
258 | /** | ||
259 | * DLL | ||
260 | */ | ||
261 | static struct RequestHandle *requests_head; | ||
262 | |||
263 | /** | ||
264 | * DLL | ||
265 | */ | ||
266 | static struct RequestHandle *requests_tail; | ||
267 | |||
268 | |||
269 | /** | ||
270 | * Cleanup lookup handle | ||
271 | * @param handle Handle to clean up | ||
272 | */ | ||
273 | static void | ||
274 | cleanup_handle (void *cls) | ||
275 | { | ||
276 | struct RequestHandle *handle = cls; | ||
277 | |||
278 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Cleaning up\n"); | ||
279 | if (NULL != handle->resp_object) | ||
280 | json_decref (handle->resp_object); | ||
281 | if (NULL != handle->timeout_task) | ||
282 | GNUNET_SCHEDULER_cancel (handle->timeout_task); | ||
283 | if (NULL != handle->attr_it) | ||
284 | GNUNET_RECLAIM_get_attributes_stop (handle->attr_it); | ||
285 | if (NULL != handle->cred_it) | ||
286 | GNUNET_RECLAIM_get_credentials_stop (handle->cred_it); | ||
287 | if (NULL != handle->ticket_it) | ||
288 | GNUNET_RECLAIM_ticket_iteration_stop (handle->ticket_it); | ||
289 | if (NULL != handle->url) | ||
290 | GNUNET_free (handle->url); | ||
291 | if (NULL != handle->emsg) | ||
292 | GNUNET_free (handle->emsg); | ||
293 | if (NULL != handle->attr_list) | ||
294 | GNUNET_RECLAIM_attribute_list_destroy (handle->attr_list); | ||
295 | GNUNET_CONTAINER_DLL_remove (requests_head, | ||
296 | requests_tail, | ||
297 | handle); | ||
298 | GNUNET_free (handle); | ||
299 | } | ||
300 | |||
301 | |||
302 | /** | ||
303 | * Task run on error, sends error message. Cleans up everything. | ||
304 | * | ||
305 | * @param cls the `struct RequestHandle` | ||
306 | */ | ||
307 | static void | ||
308 | do_error (void *cls) | ||
309 | { | ||
310 | struct RequestHandle *handle = cls; | ||
311 | struct MHD_Response *resp; | ||
312 | char *json_error; | ||
313 | |||
314 | GNUNET_asprintf (&json_error, "{ \"error\" : \"%s\" }", handle->emsg); | ||
315 | if (0 == handle->response_code) | ||
316 | { | ||
317 | handle->response_code = MHD_HTTP_BAD_REQUEST; | ||
318 | } | ||
319 | resp = GNUNET_REST_create_response (json_error); | ||
320 | GNUNET_assert (MHD_NO != MHD_add_response_header (resp, "Content-Type", "application/json")); | ||
321 | handle->proc (handle->proc_cls, resp, handle->response_code); | ||
322 | cleanup_handle (handle); | ||
323 | GNUNET_free (json_error); | ||
324 | } | ||
325 | |||
326 | |||
327 | /** | ||
328 | * Task run on timeout, sends error message. Cleans up everything. | ||
329 | * | ||
330 | * @param cls the `struct RequestHandle` | ||
331 | */ | ||
332 | static void | ||
333 | do_timeout (void *cls) | ||
334 | { | ||
335 | struct RequestHandle *handle = cls; | ||
336 | |||
337 | handle->timeout_task = NULL; | ||
338 | do_error (handle); | ||
339 | } | ||
340 | |||
341 | |||
342 | static void | ||
343 | collect_error_cb (void *cls) | ||
344 | { | ||
345 | GNUNET_SCHEDULER_add_now (&do_error, cls); | ||
346 | } | ||
347 | |||
348 | |||
349 | static void | ||
350 | finished_cont (void *cls, int32_t success, const char *emsg) | ||
351 | { | ||
352 | struct RequestHandle *handle = cls; | ||
353 | struct MHD_Response *resp; | ||
354 | |||
355 | handle->idp_op = NULL; | ||
356 | if (GNUNET_OK != success) | ||
357 | { | ||
358 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
359 | return; | ||
360 | } | ||
361 | resp = GNUNET_REST_create_response (emsg); | ||
362 | GNUNET_assert (MHD_NO != MHD_add_response_header (resp, | ||
363 | "Content-Type", | ||
364 | "application/json")); | ||
365 | GNUNET_assert (MHD_NO != MHD_add_response_header (resp, | ||
366 | "Access-Control-Allow-Methods", | ||
367 | allow_methods)); | ||
368 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); | ||
369 | GNUNET_SCHEDULER_add_now (&cleanup_handle, handle); | ||
370 | } | ||
371 | |||
372 | |||
373 | static void | ||
374 | delete_finished_cb (void *cls, int32_t success, const char *emsg) | ||
375 | { | ||
376 | struct RequestHandle *handle = cls; | ||
377 | struct MHD_Response *resp; | ||
378 | |||
379 | if (GNUNET_OK != success) | ||
380 | { | ||
381 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
382 | return; | ||
383 | } | ||
384 | resp = GNUNET_REST_create_response (emsg); | ||
385 | GNUNET_assert (MHD_NO != MHD_add_response_header (resp, | ||
386 | "Access-Control-Allow-Methods", | ||
387 | allow_methods)); | ||
388 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); | ||
389 | GNUNET_SCHEDULER_add_now (&cleanup_handle, handle); | ||
390 | } | ||
391 | |||
392 | |||
393 | /** | ||
394 | * Return attributes for identity | ||
395 | * | ||
396 | * @param cls the request handle | ||
397 | */ | ||
398 | static void | ||
399 | return_response (void *cls) | ||
400 | { | ||
401 | char *result_str; | ||
402 | struct RequestHandle *handle = cls; | ||
403 | struct MHD_Response *resp; | ||
404 | |||
405 | result_str = json_dumps (handle->resp_object, 0); | ||
406 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Result %s\n", result_str); | ||
407 | resp = GNUNET_REST_create_response (result_str); | ||
408 | GNUNET_assert (MHD_NO != | ||
409 | MHD_add_response_header (resp, | ||
410 | "Access-Control-Allow-Methods", | ||
411 | allow_methods)); | ||
412 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); | ||
413 | GNUNET_free (result_str); | ||
414 | cleanup_handle (handle); | ||
415 | } | ||
416 | |||
417 | |||
418 | static void | ||
419 | collect_finished_cb (void *cls) | ||
420 | { | ||
421 | struct RequestHandle *handle = cls; | ||
422 | |||
423 | // Done | ||
424 | handle->attr_it = NULL; | ||
425 | handle->cred_it = NULL; | ||
426 | handle->ticket_it = NULL; | ||
427 | GNUNET_SCHEDULER_add_now (&return_response, handle); | ||
428 | } | ||
429 | |||
430 | |||
431 | /** | ||
432 | * Collect all attributes for an ego | ||
433 | * | ||
434 | */ | ||
435 | static void | ||
436 | ticket_collect (void *cls, const struct GNUNET_RECLAIM_Ticket *ticket) | ||
437 | { | ||
438 | json_t *json_resource; | ||
439 | struct RequestHandle *handle = cls; | ||
440 | json_t *value; | ||
441 | char *tmp; | ||
442 | |||
443 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding ticket\n"); | ||
444 | tmp = GNUNET_STRINGS_data_to_string_alloc (&ticket->rnd, sizeof(ticket->rnd)); | ||
445 | json_resource = json_object (); | ||
446 | GNUNET_free (tmp); | ||
447 | json_array_append (handle->resp_object, json_resource); | ||
448 | |||
449 | tmp = | ||
450 | GNUNET_STRINGS_data_to_string_alloc (&ticket->identity, | ||
451 | sizeof(struct | ||
452 | GNUNET_CRYPTO_PublicKey)); | ||
453 | value = json_string (tmp); | ||
454 | json_object_set_new (json_resource, "issuer", value); | ||
455 | GNUNET_free (tmp); | ||
456 | tmp = | ||
457 | GNUNET_STRINGS_data_to_string_alloc (&ticket->audience, | ||
458 | sizeof(struct | ||
459 | GNUNET_CRYPTO_PublicKey)); | ||
460 | value = json_string (tmp); | ||
461 | json_object_set_new (json_resource, "audience", value); | ||
462 | GNUNET_free (tmp); | ||
463 | tmp = GNUNET_STRINGS_data_to_string_alloc (&ticket->rnd, sizeof(ticket->rnd)); | ||
464 | value = json_string (tmp); | ||
465 | json_object_set_new (json_resource, "rnd", value); | ||
466 | GNUNET_free (tmp); | ||
467 | GNUNET_RECLAIM_ticket_iteration_next (handle->ticket_it); | ||
468 | } | ||
469 | |||
470 | |||
471 | static void | ||
472 | add_credential_cont (struct GNUNET_REST_RequestHandle *con_handle, | ||
473 | const char *url, | ||
474 | void *cls) | ||
475 | { | ||
476 | struct RequestHandle *handle = cls; | ||
477 | const struct GNUNET_CRYPTO_PrivateKey *identity_priv; | ||
478 | const char *identity; | ||
479 | struct EgoEntry *ego_entry; | ||
480 | struct GNUNET_RECLAIM_Credential *attribute; | ||
481 | struct GNUNET_TIME_Relative exp; | ||
482 | char term_data[handle->rest_handle->data_size + 1]; | ||
483 | json_t *data_json; | ||
484 | json_error_t err; | ||
485 | struct GNUNET_JSON_Specification attrspec[] = | ||
486 | { GNUNET_RECLAIM_JSON_spec_credential (&attribute), | ||
487 | GNUNET_JSON_spec_end () }; | ||
488 | |||
489 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
490 | "Adding an credential for %s.\n", | ||
491 | handle->url); | ||
492 | if (strlen (GNUNET_REST_API_NS_RECLAIM_CREDENTIAL) >= strlen ( | ||
493 | handle->url)) | ||
494 | { | ||
495 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No identity given.\n"); | ||
496 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
497 | return; | ||
498 | } | ||
499 | identity = handle->url + strlen ( | ||
500 | GNUNET_REST_API_NS_RECLAIM_CREDENTIAL) + 1; | ||
501 | |||
502 | for (ego_entry = ego_head; NULL != ego_entry; | ||
503 | ego_entry = ego_entry->next) | ||
504 | if (0 == strcmp (identity, ego_entry->identifier)) | ||
505 | break; | ||
506 | |||
507 | if (NULL == ego_entry) | ||
508 | { | ||
509 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Identity unknown (%s)\n", identity); | ||
510 | return; | ||
511 | } | ||
512 | identity_priv = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego); | ||
513 | |||
514 | if (0 >= handle->rest_handle->data_size) | ||
515 | { | ||
516 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
517 | return; | ||
518 | } | ||
519 | |||
520 | term_data[handle->rest_handle->data_size] = '\0'; | ||
521 | GNUNET_memcpy (term_data, | ||
522 | handle->rest_handle->data, | ||
523 | handle->rest_handle->data_size); | ||
524 | data_json = json_loads (term_data, JSON_DECODE_ANY, &err); | ||
525 | if (GNUNET_OK != GNUNET_JSON_parse (data_json, attrspec, NULL, NULL)) | ||
526 | { | ||
527 | json_decref (data_json); | ||
528 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
529 | "Unable to parse JSON from %s\n", | ||
530 | term_data); | ||
531 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
532 | return; | ||
533 | } | ||
534 | json_decref (data_json); | ||
535 | if (NULL == attribute) | ||
536 | { | ||
537 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
538 | "Unable to parse credential from %s\n", | ||
539 | term_data); | ||
540 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
541 | return; | ||
542 | } | ||
543 | /** | ||
544 | * New ID for attribute | ||
545 | */ | ||
546 | if (GNUNET_YES == GNUNET_RECLAIM_id_is_zero (&attribute->id)) | ||
547 | GNUNET_RECLAIM_id_generate (&attribute->id); | ||
548 | exp = GNUNET_TIME_UNIT_HOURS; | ||
549 | handle->idp_op = GNUNET_RECLAIM_credential_store (idp, | ||
550 | identity_priv, | ||
551 | attribute, | ||
552 | &exp, | ||
553 | &finished_cont, | ||
554 | handle); | ||
555 | GNUNET_JSON_parse_free (attrspec); | ||
556 | } | ||
557 | |||
558 | |||
559 | /** | ||
560 | * Collect all credentials for an ego | ||
561 | * | ||
562 | */ | ||
563 | static void | ||
564 | cred_collect (void *cls, | ||
565 | const struct GNUNET_CRYPTO_PublicKey *identity, | ||
566 | const struct GNUNET_RECLAIM_Credential *cred) | ||
567 | { | ||
568 | struct RequestHandle *handle = cls; | ||
569 | struct GNUNET_RECLAIM_AttributeList *attrs; | ||
570 | struct GNUNET_RECLAIM_AttributeListEntry *ale; | ||
571 | struct GNUNET_TIME_Absolute exp; | ||
572 | json_t *attr_obj; | ||
573 | json_t *cred_obj; | ||
574 | const char *type; | ||
575 | char *tmp_value; | ||
576 | char *id_str; | ||
577 | char *issuer; | ||
578 | |||
579 | |||
580 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding credential: %s\n", | ||
581 | cred->name); | ||
582 | attrs = GNUNET_RECLAIM_credential_get_attributes (cred); | ||
583 | issuer = GNUNET_RECLAIM_credential_get_issuer (cred); | ||
584 | tmp_value = GNUNET_RECLAIM_credential_value_to_string (cred->type, | ||
585 | cred->data, | ||
586 | cred->data_size); | ||
587 | cred_obj = json_object (); | ||
588 | json_object_set_new (cred_obj, "value", json_string (tmp_value)); | ||
589 | json_object_set_new (cred_obj, "name", json_string (cred->name)); | ||
590 | type = GNUNET_RECLAIM_credential_number_to_typename (cred->type); | ||
591 | json_object_set_new (cred_obj, "type", json_string (type)); | ||
592 | if (NULL != issuer) | ||
593 | { | ||
594 | json_object_set_new (cred_obj, "issuer", json_string (issuer)); | ||
595 | GNUNET_free (issuer); | ||
596 | } | ||
597 | if (GNUNET_OK == GNUNET_RECLAIM_credential_get_expiration (cred, | ||
598 | &exp)) | ||
599 | { | ||
600 | json_object_set_new (cred_obj, "expiration", json_integer ( | ||
601 | exp.abs_value_us)); | ||
602 | } | ||
603 | id_str = GNUNET_STRINGS_data_to_string_alloc (&cred->id, | ||
604 | sizeof(cred->id)); | ||
605 | json_object_set_new (cred_obj, "id", json_string (id_str)); | ||
606 | GNUNET_free (tmp_value); | ||
607 | GNUNET_free (id_str); | ||
608 | if (NULL != attrs) | ||
609 | { | ||
610 | json_t *attr_arr = json_array (); | ||
611 | for (ale = attrs->list_head; NULL != ale; ale = ale->next) | ||
612 | { | ||
613 | tmp_value = | ||
614 | GNUNET_RECLAIM_attribute_value_to_string (ale->attribute->type, | ||
615 | ale->attribute->data, | ||
616 | ale->attribute->data_size); | ||
617 | attr_obj = json_object (); | ||
618 | json_object_set_new (attr_obj, "value", json_string (tmp_value)); | ||
619 | json_object_set_new (attr_obj, "name", json_string ( | ||
620 | ale->attribute->name)); | ||
621 | |||
622 | json_object_set_new (attr_obj, "flag", json_string ("1")); // FIXME | ||
623 | type = GNUNET_RECLAIM_attribute_number_to_typename (ale->attribute->type); | ||
624 | json_object_set_new (attr_obj, "type", json_string (type)); | ||
625 | json_object_set_new (attr_obj, "id", json_string ("")); | ||
626 | json_object_set_new (attr_obj, "credential", json_string ("")); | ||
627 | json_array_append_new (attr_arr, attr_obj); | ||
628 | GNUNET_free (tmp_value); | ||
629 | } | ||
630 | json_object_set_new (cred_obj, "attributes", attr_arr); | ||
631 | } | ||
632 | json_array_append_new (handle->resp_object, cred_obj); | ||
633 | if (NULL != attrs) | ||
634 | GNUNET_RECLAIM_attribute_list_destroy (attrs); | ||
635 | GNUNET_RECLAIM_get_credentials_next (handle->cred_it); | ||
636 | } | ||
637 | |||
638 | |||
639 | /** | ||
640 | * Lists credential for identity request | ||
641 | * | ||
642 | * @param con_handle the connection handle | ||
643 | * @param url the url | ||
644 | * @param cls the RequestHandle | ||
645 | */ | ||
646 | static void | ||
647 | list_credential_cont (struct GNUNET_REST_RequestHandle *con_handle, | ||
648 | const char *url, | ||
649 | void *cls) | ||
650 | { | ||
651 | struct RequestHandle *handle = cls; | ||
652 | const struct GNUNET_CRYPTO_PrivateKey *priv_key; | ||
653 | struct EgoEntry *ego_entry; | ||
654 | char *identity; | ||
655 | |||
656 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
657 | "Getting credentials for %s.\n", | ||
658 | handle->url); | ||
659 | if (strlen (GNUNET_REST_API_NS_RECLAIM_CREDENTIAL) >= strlen ( | ||
660 | handle->url)) | ||
661 | { | ||
662 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No identity given.\n"); | ||
663 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
664 | return; | ||
665 | } | ||
666 | identity = handle->url + strlen ( | ||
667 | GNUNET_REST_API_NS_RECLAIM_CREDENTIAL) + 1; | ||
668 | |||
669 | for (ego_entry = ego_head; NULL != ego_entry; | ||
670 | ego_entry = ego_entry->next) | ||
671 | if (0 == strcmp (identity, ego_entry->identifier)) | ||
672 | break; | ||
673 | handle->resp_object = json_array (); | ||
674 | |||
675 | |||
676 | if (NULL == ego_entry) | ||
677 | { | ||
678 | // Done | ||
679 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Ego %s not found.\n", identity); | ||
680 | GNUNET_SCHEDULER_add_now (&return_response, handle); | ||
681 | return; | ||
682 | } | ||
683 | priv_key = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego); | ||
684 | handle->cred_it = GNUNET_RECLAIM_get_credentials_start (idp, | ||
685 | priv_key, | ||
686 | &collect_error_cb, | ||
687 | handle, | ||
688 | &cred_collect, | ||
689 | handle, | ||
690 | & | ||
691 | collect_finished_cb, | ||
692 | handle); | ||
693 | } | ||
694 | |||
695 | |||
696 | /** | ||
697 | * Deletes credential from an identity | ||
698 | * | ||
699 | * @param con_handle the connection handle | ||
700 | * @param url the url | ||
701 | * @param cls the RequestHandle | ||
702 | */ | ||
703 | static void | ||
704 | delete_credential_cont (struct GNUNET_REST_RequestHandle *con_handle, | ||
705 | const char *url, | ||
706 | void *cls) | ||
707 | { | ||
708 | struct RequestHandle *handle = cls; | ||
709 | const struct GNUNET_CRYPTO_PrivateKey *priv_key; | ||
710 | struct GNUNET_RECLAIM_Credential attr; | ||
711 | struct EgoEntry *ego_entry; | ||
712 | char *identity_id_str; | ||
713 | char *identity; | ||
714 | char *id; | ||
715 | |||
716 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Deleting credential.\n"); | ||
717 | if (strlen (GNUNET_REST_API_NS_RECLAIM_CREDENTIAL) >= strlen ( | ||
718 | handle->url)) | ||
719 | { | ||
720 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No identity given.\n"); | ||
721 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
722 | return; | ||
723 | } | ||
724 | identity_id_str = | ||
725 | strdup (handle->url + strlen ( | ||
726 | GNUNET_REST_API_NS_RECLAIM_CREDENTIAL) + 1); | ||
727 | identity = strtok (identity_id_str, "/"); | ||
728 | id = strtok (NULL, "/"); | ||
729 | if ((NULL == identity) || (NULL == id)) | ||
730 | { | ||
731 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Malformed request.\n"); | ||
732 | GNUNET_free (identity_id_str); | ||
733 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
734 | return; | ||
735 | } | ||
736 | |||
737 | for (ego_entry = ego_head; NULL != ego_entry; | ||
738 | ego_entry = ego_entry->next) | ||
739 | if (0 == strcmp (identity, ego_entry->identifier)) | ||
740 | break; | ||
741 | handle->resp_object = json_array (); | ||
742 | if (NULL == ego_entry) | ||
743 | { | ||
744 | // Done | ||
745 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Ego %s not found.\n", identity); | ||
746 | GNUNET_free (identity_id_str); | ||
747 | GNUNET_SCHEDULER_add_now (&return_response, handle); | ||
748 | return; | ||
749 | } | ||
750 | priv_key = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego); | ||
751 | memset (&attr, 0, sizeof(struct GNUNET_RECLAIM_Credential)); | ||
752 | GNUNET_STRINGS_string_to_data (id, strlen (id), &attr.id, sizeof(attr.id)); | ||
753 | attr.name = ""; | ||
754 | handle->idp_op = GNUNET_RECLAIM_credential_delete (idp, | ||
755 | priv_key, | ||
756 | &attr, | ||
757 | &delete_finished_cb, | ||
758 | handle); | ||
759 | GNUNET_free (identity_id_str); | ||
760 | } | ||
761 | |||
762 | |||
763 | /** | ||
764 | * List tickets for identity request | ||
765 | * | ||
766 | * @param con_handle the connection handle | ||
767 | * @param url the url | ||
768 | * @param cls the RequestHandle | ||
769 | */ | ||
770 | static void | ||
771 | list_tickets_cont (struct GNUNET_REST_RequestHandle *con_handle, | ||
772 | const char *url, | ||
773 | void *cls) | ||
774 | { | ||
775 | const struct GNUNET_CRYPTO_PrivateKey *priv_key; | ||
776 | struct RequestHandle *handle = cls; | ||
777 | struct EgoEntry *ego_entry; | ||
778 | char *identity; | ||
779 | |||
780 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
781 | "Getting tickets for %s.\n", | ||
782 | handle->url); | ||
783 | if (strlen (GNUNET_REST_API_NS_IDENTITY_TICKETS) >= strlen (handle->url)) | ||
784 | { | ||
785 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No identity given.\n"); | ||
786 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
787 | return; | ||
788 | } | ||
789 | identity = handle->url + strlen (GNUNET_REST_API_NS_IDENTITY_TICKETS) + 1; | ||
790 | |||
791 | for (ego_entry = ego_head; NULL != ego_entry; | ||
792 | ego_entry = ego_entry->next) | ||
793 | if (0 == strcmp (identity, ego_entry->identifier)) | ||
794 | break; | ||
795 | handle->resp_object = json_array (); | ||
796 | |||
797 | if (NULL == ego_entry) | ||
798 | { | ||
799 | // Done | ||
800 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Ego %s not found.\n", identity); | ||
801 | GNUNET_SCHEDULER_add_now (&return_response, handle); | ||
802 | return; | ||
803 | } | ||
804 | priv_key = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego); | ||
805 | handle->ticket_it = | ||
806 | GNUNET_RECLAIM_ticket_iteration_start (idp, | ||
807 | priv_key, | ||
808 | &collect_error_cb, | ||
809 | handle, | ||
810 | &ticket_collect, | ||
811 | handle, | ||
812 | &collect_finished_cb, | ||
813 | handle); | ||
814 | } | ||
815 | |||
816 | |||
817 | static void | ||
818 | add_attribute_cont (struct GNUNET_REST_RequestHandle *con_handle, | ||
819 | const char *url, | ||
820 | void *cls) | ||
821 | { | ||
822 | const struct GNUNET_CRYPTO_PrivateKey *identity_priv; | ||
823 | const char *identity; | ||
824 | struct RequestHandle *handle = cls; | ||
825 | struct EgoEntry *ego_entry; | ||
826 | struct GNUNET_RECLAIM_Attribute *attribute; | ||
827 | struct GNUNET_TIME_Relative exp; | ||
828 | char term_data[handle->rest_handle->data_size + 1]; | ||
829 | json_t *data_json; | ||
830 | json_error_t err; | ||
831 | struct GNUNET_JSON_Specification attrspec[] = | ||
832 | { GNUNET_RECLAIM_JSON_spec_attribute (&attribute), GNUNET_JSON_spec_end () }; | ||
833 | |||
834 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
835 | "Adding an attribute for %s.\n", | ||
836 | handle->url); | ||
837 | if (strlen (GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES) >= strlen (handle->url)) | ||
838 | { | ||
839 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No identity given.\n"); | ||
840 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
841 | return; | ||
842 | } | ||
843 | identity = handle->url + strlen (GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES) + 1; | ||
844 | |||
845 | for (ego_entry = ego_head; NULL != ego_entry; | ||
846 | ego_entry = ego_entry->next) | ||
847 | if (0 == strcmp (identity, ego_entry->identifier)) | ||
848 | break; | ||
849 | |||
850 | if (NULL == ego_entry) | ||
851 | { | ||
852 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Identity unknown (%s)\n", identity); | ||
853 | return; | ||
854 | } | ||
855 | identity_priv = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego); | ||
856 | |||
857 | if (0 >= handle->rest_handle->data_size) | ||
858 | { | ||
859 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
860 | return; | ||
861 | } | ||
862 | |||
863 | term_data[handle->rest_handle->data_size] = '\0'; | ||
864 | GNUNET_memcpy (term_data, | ||
865 | handle->rest_handle->data, | ||
866 | handle->rest_handle->data_size); | ||
867 | data_json = json_loads (term_data, JSON_DECODE_ANY, &err); | ||
868 | GNUNET_assert (GNUNET_OK == | ||
869 | GNUNET_JSON_parse (data_json, attrspec, NULL, NULL)); | ||
870 | json_decref (data_json); | ||
871 | if (NULL == attribute) | ||
872 | { | ||
873 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
874 | "Unable to parse attribute from %s\n", | ||
875 | term_data); | ||
876 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
877 | return; | ||
878 | } | ||
879 | /** | ||
880 | * New ID for attribute | ||
881 | */ | ||
882 | if (GNUNET_YES == GNUNET_RECLAIM_id_is_zero (&attribute->id)) | ||
883 | GNUNET_RECLAIM_id_generate (&attribute->id); | ||
884 | exp = GNUNET_TIME_UNIT_HOURS; | ||
885 | handle->idp_op = GNUNET_RECLAIM_attribute_store (idp, | ||
886 | identity_priv, | ||
887 | attribute, | ||
888 | &exp, | ||
889 | &finished_cont, | ||
890 | handle); | ||
891 | GNUNET_JSON_parse_free (attrspec); | ||
892 | } | ||
893 | |||
894 | |||
895 | /** | ||
896 | * Parse a JWT and return the respective claim value as Attribute | ||
897 | * | ||
898 | * @param cred the jwt credential | ||
899 | * @param claim the name of the claim in the JWT | ||
900 | * | ||
901 | * @return a GNUNET_RECLAIM_Attribute, containing the new value | ||
902 | */ | ||
903 | struct GNUNET_RECLAIM_Attribute * | ||
904 | parse_jwt (const struct GNUNET_RECLAIM_Credential *cred, | ||
905 | const char *claim) | ||
906 | { | ||
907 | char *jwt_string; | ||
908 | struct GNUNET_RECLAIM_Attribute *attr; | ||
909 | char delim[] = "."; | ||
910 | const char *type_str = NULL; | ||
911 | const char *val_str = NULL; | ||
912 | char *data; | ||
913 | size_t data_size; | ||
914 | uint32_t type; | ||
915 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Parsing JWT attributes.\n"); | ||
916 | char *decoded_jwt; | ||
917 | json_t *json_val; | ||
918 | json_error_t *json_err = NULL; | ||
919 | |||
920 | jwt_string = GNUNET_RECLAIM_credential_value_to_string (cred->type, | ||
921 | cred->data, | ||
922 | cred->data_size); | ||
923 | char *jwt_body = strtok (jwt_string, delim); | ||
924 | jwt_body = strtok (NULL, delim); | ||
925 | GNUNET_STRINGS_base64_decode (jwt_body, strlen (jwt_body), | ||
926 | (void **) &decoded_jwt); | ||
927 | json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, json_err); | ||
928 | const char *key; | ||
929 | json_t *value; | ||
930 | json_object_foreach (json_val, key, value) { | ||
931 | if (0 == strcasecmp (key,claim)) | ||
932 | { | ||
933 | val_str = json_dumps (value, JSON_ENCODE_ANY); | ||
934 | } | ||
935 | } | ||
936 | type_str = "String"; | ||
937 | type = GNUNET_RECLAIM_attribute_typename_to_number (type_str); | ||
938 | if (GNUNET_SYSERR == GNUNET_RECLAIM_attribute_string_to_value (type,val_str, | ||
939 | (void **) &data, | ||
940 | &data_size)) | ||
941 | { | ||
942 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
943 | "Attribute value from JWT Parser invalid!\n"); | ||
944 | GNUNET_RECLAIM_attribute_string_to_value (type, | ||
945 | "Error: Referenced Claim Name not Found", | ||
946 | (void **) &data, | ||
947 | &data_size); | ||
948 | attr = GNUNET_RECLAIM_attribute_new (claim, &cred->id, | ||
949 | type, data, data_size); | ||
950 | attr->id = cred->id; | ||
951 | attr->flag = 1; | ||
952 | } | ||
953 | else | ||
954 | { | ||
955 | attr = GNUNET_RECLAIM_attribute_new (claim, &cred->id, | ||
956 | type, data, data_size); | ||
957 | attr->id = cred->id; | ||
958 | attr->flag = 1; | ||
959 | } | ||
960 | return attr; | ||
961 | } | ||
962 | |||
963 | |||
964 | /** | ||
965 | * Collect all attributes for an ego | ||
966 | * | ||
967 | */ | ||
968 | static void | ||
969 | attr_collect (void *cls, | ||
970 | const struct GNUNET_CRYPTO_PublicKey *identity, | ||
971 | const struct GNUNET_RECLAIM_Attribute *attr) | ||
972 | { | ||
973 | struct RequestHandle *handle = cls; | ||
974 | json_t *attr_obj; | ||
975 | const char *type; | ||
976 | char *id_str; | ||
977 | |||
978 | char *tmp_value; | ||
979 | tmp_value = GNUNET_RECLAIM_attribute_value_to_string (attr->type, | ||
980 | attr->data, | ||
981 | attr->data_size); | ||
982 | attr_obj = json_object (); | ||
983 | json_object_set_new (attr_obj, "value", json_string (tmp_value)); | ||
984 | json_object_set_new (attr_obj, "name", json_string (attr->name)); | ||
985 | |||
986 | if (GNUNET_RECLAIM_id_is_zero (&attr->credential)) | ||
987 | json_object_set_new (attr_obj, "flag", json_string ("0")); | ||
988 | else | ||
989 | json_object_set_new (attr_obj, "flag", json_string ("1")); | ||
990 | type = GNUNET_RECLAIM_attribute_number_to_typename (attr->type); | ||
991 | json_object_set_new (attr_obj, "type", json_string (type)); | ||
992 | id_str = GNUNET_STRINGS_data_to_string_alloc (&attr->id, | ||
993 | sizeof(attr->id)); | ||
994 | json_object_set_new (attr_obj, "id", json_string (id_str)); | ||
995 | GNUNET_free (id_str); | ||
996 | id_str = GNUNET_STRINGS_data_to_string_alloc (&attr->credential, | ||
997 | sizeof(attr->credential)); | ||
998 | json_object_set_new (attr_obj, "credential", json_string (id_str)); | ||
999 | GNUNET_free (id_str); | ||
1000 | json_array_append (handle->resp_object, attr_obj); | ||
1001 | json_decref (attr_obj); | ||
1002 | GNUNET_free (tmp_value); | ||
1003 | GNUNET_RECLAIM_get_attributes_next (handle->attr_it); | ||
1004 | } | ||
1005 | |||
1006 | |||
1007 | /** | ||
1008 | * List attributes for identity request | ||
1009 | * | ||
1010 | * @param con_handle the connection handle | ||
1011 | * @param url the url | ||
1012 | * @param cls the RequestHandle | ||
1013 | */ | ||
1014 | static void | ||
1015 | list_attribute_cont (struct GNUNET_REST_RequestHandle *con_handle, | ||
1016 | const char *url, | ||
1017 | void *cls) | ||
1018 | { | ||
1019 | const struct GNUNET_CRYPTO_PrivateKey *priv_key; | ||
1020 | struct RequestHandle *handle = cls; | ||
1021 | struct EgoEntry *ego_entry; | ||
1022 | char *identity; | ||
1023 | |||
1024 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1025 | "Getting attributes for %s.\n", | ||
1026 | handle->url); | ||
1027 | if (strlen (GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES) >= strlen (handle->url)) | ||
1028 | { | ||
1029 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No identity given.\n"); | ||
1030 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
1031 | return; | ||
1032 | } | ||
1033 | identity = handle->url + strlen (GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES) + 1; | ||
1034 | |||
1035 | for (ego_entry = ego_head; NULL != ego_entry; | ||
1036 | ego_entry = ego_entry->next) | ||
1037 | if (0 == strcmp (identity, ego_entry->identifier)) | ||
1038 | break; | ||
1039 | handle->resp_object = json_array (); | ||
1040 | |||
1041 | |||
1042 | if (NULL == ego_entry) | ||
1043 | { | ||
1044 | // Done | ||
1045 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Ego %s not found.\n", identity); | ||
1046 | GNUNET_SCHEDULER_add_now (&return_response, handle); | ||
1047 | return; | ||
1048 | } | ||
1049 | priv_key = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego); | ||
1050 | handle->attr_it = GNUNET_RECLAIM_get_attributes_start (idp, | ||
1051 | priv_key, | ||
1052 | &collect_error_cb, | ||
1053 | handle, | ||
1054 | &attr_collect, | ||
1055 | handle, | ||
1056 | &collect_finished_cb, | ||
1057 | handle); | ||
1058 | } | ||
1059 | |||
1060 | |||
1061 | /** | ||
1062 | * List attributes for identity request | ||
1063 | * | ||
1064 | * @param con_handle the connection handle | ||
1065 | * @param url the url | ||
1066 | * @param cls the RequestHandle | ||
1067 | */ | ||
1068 | static void | ||
1069 | delete_attribute_cont (struct GNUNET_REST_RequestHandle *con_handle, | ||
1070 | const char *url, | ||
1071 | void *cls) | ||
1072 | { | ||
1073 | const struct GNUNET_CRYPTO_PrivateKey *priv_key; | ||
1074 | struct RequestHandle *handle = cls; | ||
1075 | struct GNUNET_RECLAIM_Attribute attr; | ||
1076 | struct EgoEntry *ego_entry; | ||
1077 | char *identity_id_str; | ||
1078 | char *identity; | ||
1079 | char *id; | ||
1080 | |||
1081 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Deleting attributes.\n"); | ||
1082 | if (strlen (GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES) >= strlen (handle->url)) | ||
1083 | { | ||
1084 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No identity given.\n"); | ||
1085 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
1086 | return; | ||
1087 | } | ||
1088 | identity_id_str = | ||
1089 | strdup (handle->url + strlen (GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES) + 1); | ||
1090 | identity = strtok (identity_id_str, "/"); | ||
1091 | id = strtok (NULL, "/"); | ||
1092 | if ((NULL == identity) || (NULL == id)) | ||
1093 | { | ||
1094 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Malformed request.\n"); | ||
1095 | GNUNET_free (identity_id_str); | ||
1096 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
1097 | return; | ||
1098 | } | ||
1099 | |||
1100 | for (ego_entry = ego_head; NULL != ego_entry; | ||
1101 | ego_entry = ego_entry->next) | ||
1102 | if (0 == strcmp (identity, ego_entry->identifier)) | ||
1103 | break; | ||
1104 | handle->resp_object = json_array (); | ||
1105 | if (NULL == ego_entry) | ||
1106 | { | ||
1107 | // Done | ||
1108 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Ego %s not found.\n", identity); | ||
1109 | GNUNET_free (identity_id_str); | ||
1110 | GNUNET_SCHEDULER_add_now (&return_response, handle); | ||
1111 | return; | ||
1112 | } | ||
1113 | priv_key = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego); | ||
1114 | memset (&attr, 0, sizeof(struct GNUNET_RECLAIM_Attribute)); | ||
1115 | GNUNET_STRINGS_string_to_data (id, strlen (id), &attr.id, sizeof(attr.id)); | ||
1116 | attr.name = ""; | ||
1117 | handle->idp_op = GNUNET_RECLAIM_attribute_delete (idp, | ||
1118 | priv_key, | ||
1119 | &attr, | ||
1120 | &delete_finished_cb, | ||
1121 | handle); | ||
1122 | GNUNET_free (identity_id_str); | ||
1123 | } | ||
1124 | |||
1125 | |||
1126 | static void | ||
1127 | revoke_ticket_cont (struct GNUNET_REST_RequestHandle *con_handle, | ||
1128 | const char *url, | ||
1129 | void *cls) | ||
1130 | { | ||
1131 | const struct GNUNET_CRYPTO_PrivateKey *identity_priv; | ||
1132 | struct RequestHandle *handle = cls; | ||
1133 | struct EgoEntry *ego_entry; | ||
1134 | struct GNUNET_RECLAIM_Ticket *ticket = NULL; | ||
1135 | struct GNUNET_CRYPTO_PublicKey tmp_pk; | ||
1136 | char term_data[handle->rest_handle->data_size + 1]; | ||
1137 | json_t *data_json; | ||
1138 | json_error_t err; | ||
1139 | struct GNUNET_JSON_Specification tktspec[] = | ||
1140 | { GNUNET_RECLAIM_JSON_spec_ticket (&ticket), GNUNET_JSON_spec_end () }; | ||
1141 | |||
1142 | if (0 >= handle->rest_handle->data_size) | ||
1143 | { | ||
1144 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
1145 | return; | ||
1146 | } | ||
1147 | |||
1148 | term_data[handle->rest_handle->data_size] = '\0'; | ||
1149 | GNUNET_memcpy (term_data, | ||
1150 | handle->rest_handle->data, | ||
1151 | handle->rest_handle->data_size); | ||
1152 | data_json = json_loads (term_data, JSON_DECODE_ANY, &err); | ||
1153 | if ((NULL == data_json) || | ||
1154 | (GNUNET_OK != GNUNET_JSON_parse (data_json, tktspec, NULL, NULL))) | ||
1155 | { | ||
1156 | handle->emsg = GNUNET_strdup ("Not a ticket!\n"); | ||
1157 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
1158 | GNUNET_JSON_parse_free (tktspec); | ||
1159 | if (NULL != data_json) | ||
1160 | json_decref (data_json); | ||
1161 | return; | ||
1162 | } | ||
1163 | json_decref (data_json); | ||
1164 | if (NULL == ticket) | ||
1165 | { | ||
1166 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1167 | "Unable to parse ticket from %s\n", | ||
1168 | term_data); | ||
1169 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
1170 | return; | ||
1171 | } | ||
1172 | |||
1173 | for (ego_entry = ego_head; NULL != ego_entry; | ||
1174 | ego_entry = ego_entry->next) | ||
1175 | { | ||
1176 | GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, &tmp_pk); | ||
1177 | if (0 == memcmp (&ticket->identity, | ||
1178 | &tmp_pk, | ||
1179 | sizeof(struct GNUNET_CRYPTO_PublicKey))) | ||
1180 | break; | ||
1181 | } | ||
1182 | if (NULL == ego_entry) | ||
1183 | { | ||
1184 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Identity unknown\n"); | ||
1185 | GNUNET_JSON_parse_free (tktspec); | ||
1186 | return; | ||
1187 | } | ||
1188 | identity_priv = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego); | ||
1189 | |||
1190 | handle->idp_op = GNUNET_RECLAIM_ticket_revoke (idp, | ||
1191 | identity_priv, | ||
1192 | ticket, | ||
1193 | &finished_cont, | ||
1194 | handle); | ||
1195 | GNUNET_JSON_parse_free (tktspec); | ||
1196 | } | ||
1197 | |||
1198 | |||
1199 | static void | ||
1200 | consume_cont (void *cls, | ||
1201 | const struct GNUNET_CRYPTO_PublicKey *identity, | ||
1202 | const struct GNUNET_RECLAIM_Attribute *attr, | ||
1203 | const struct GNUNET_RECLAIM_Presentation *presentation) | ||
1204 | { | ||
1205 | struct RequestHandle *handle = cls; | ||
1206 | char *val_str; | ||
1207 | json_t *value; | ||
1208 | |||
1209 | if (NULL == identity) | ||
1210 | { | ||
1211 | GNUNET_SCHEDULER_add_now (&return_response, handle); | ||
1212 | return; | ||
1213 | } | ||
1214 | |||
1215 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding attribute: %s\n", attr->name); | ||
1216 | val_str = GNUNET_RECLAIM_attribute_value_to_string (attr->type, | ||
1217 | attr->data, | ||
1218 | attr->data_size); | ||
1219 | if (NULL == val_str) | ||
1220 | { | ||
1221 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1222 | "Failed to parse value for: %s\n", | ||
1223 | attr->name); | ||
1224 | return; | ||
1225 | } | ||
1226 | value = json_string (val_str); | ||
1227 | json_object_set_new (handle->resp_object, attr->name, value); | ||
1228 | json_decref (value); | ||
1229 | GNUNET_free (val_str); | ||
1230 | } | ||
1231 | |||
1232 | |||
1233 | static void | ||
1234 | consume_ticket_cont (struct GNUNET_REST_RequestHandle *con_handle, | ||
1235 | const char *url, | ||
1236 | void *cls) | ||
1237 | { | ||
1238 | const struct GNUNET_CRYPTO_PrivateKey *identity_priv; | ||
1239 | struct RequestHandle *handle = cls; | ||
1240 | struct EgoEntry *ego_entry; | ||
1241 | struct GNUNET_RECLAIM_Ticket *ticket; | ||
1242 | struct GNUNET_CRYPTO_PublicKey tmp_pk; | ||
1243 | char term_data[handle->rest_handle->data_size + 1]; | ||
1244 | json_t *data_json; | ||
1245 | json_error_t err; | ||
1246 | struct GNUNET_JSON_Specification tktspec[] = | ||
1247 | { GNUNET_RECLAIM_JSON_spec_ticket (&ticket), GNUNET_JSON_spec_end () }; | ||
1248 | |||
1249 | if (0 >= handle->rest_handle->data_size) | ||
1250 | { | ||
1251 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
1252 | return; | ||
1253 | } | ||
1254 | |||
1255 | term_data[handle->rest_handle->data_size] = '\0'; | ||
1256 | GNUNET_memcpy (term_data, | ||
1257 | handle->rest_handle->data, | ||
1258 | handle->rest_handle->data_size); | ||
1259 | data_json = json_loads (term_data, JSON_DECODE_ANY, &err); | ||
1260 | if (NULL == data_json) | ||
1261 | { | ||
1262 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1263 | "Unable to parse JSON Object from %s\n", | ||
1264 | term_data); | ||
1265 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
1266 | return; | ||
1267 | } | ||
1268 | if (GNUNET_OK != GNUNET_JSON_parse (data_json, tktspec, NULL, NULL)) | ||
1269 | { | ||
1270 | handle->emsg = GNUNET_strdup ("Not a ticket!\n"); | ||
1271 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
1272 | GNUNET_JSON_parse_free (tktspec); | ||
1273 | json_decref (data_json); | ||
1274 | return; | ||
1275 | } | ||
1276 | for (ego_entry = ego_head; NULL != ego_entry; | ||
1277 | ego_entry = ego_entry->next) | ||
1278 | { | ||
1279 | GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, &tmp_pk); | ||
1280 | if (0 == memcmp (&ticket->audience, | ||
1281 | &tmp_pk, | ||
1282 | sizeof(struct GNUNET_CRYPTO_PublicKey))) | ||
1283 | break; | ||
1284 | } | ||
1285 | if (NULL == ego_entry) | ||
1286 | { | ||
1287 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Identity unknown\n"); | ||
1288 | GNUNET_JSON_parse_free (tktspec); | ||
1289 | return; | ||
1290 | } | ||
1291 | identity_priv = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego); | ||
1292 | handle->resp_object = json_object (); | ||
1293 | handle->idp_op = GNUNET_RECLAIM_ticket_consume (idp, | ||
1294 | identity_priv, | ||
1295 | ticket, | ||
1296 | &consume_cont, | ||
1297 | handle); | ||
1298 | GNUNET_JSON_parse_free (tktspec); | ||
1299 | } | ||
1300 | |||
1301 | |||
1302 | /** | ||
1303 | * Respond to OPTIONS request | ||
1304 | * | ||
1305 | * @param con_handle the connection handle | ||
1306 | * @param url the url | ||
1307 | * @param cls the RequestHandle | ||
1308 | */ | ||
1309 | static void | ||
1310 | options_cont (struct GNUNET_REST_RequestHandle *con_handle, | ||
1311 | const char *url, | ||
1312 | void *cls) | ||
1313 | { | ||
1314 | struct MHD_Response *resp; | ||
1315 | struct RequestHandle *handle = cls; | ||
1316 | |||
1317 | // For now, independent of path return all options | ||
1318 | resp = GNUNET_REST_create_response (NULL); | ||
1319 | GNUNET_assert (MHD_NO != MHD_add_response_header (resp, "Access-Control-Allow-Methods", allow_methods)); | ||
1320 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); | ||
1321 | cleanup_handle (handle); | ||
1322 | return; | ||
1323 | } | ||
1324 | |||
1325 | |||
1326 | /** | ||
1327 | * If listing is enabled, prints information about the egos. | ||
1328 | * | ||
1329 | * This function is initially called for all egos and then again | ||
1330 | * whenever a ego's identifier changes or if it is deleted. At the | ||
1331 | * end of the initial pass over all egos, the function is once called | ||
1332 | * with 'NULL' for 'ego'. That does NOT mean that the callback won't | ||
1333 | * be invoked in the future or that there was an error. | ||
1334 | * | ||
1335 | * When used with 'GNUNET_IDENTITY_create' or 'GNUNET_IDENTITY_get', this | ||
1336 | * function is only called ONCE, and 'NULL' being passed in 'ego' does | ||
1337 | * indicate an error (for example because name is taken or no default value is | ||
1338 | * known). If 'ego' is non-NULL and if '*ctx' is set in those callbacks, the | ||
1339 | * value WILL be passed to a subsequent call to the identity callback of | ||
1340 | * 'GNUNET_IDENTITY_connect' (if that one was not NULL). | ||
1341 | * | ||
1342 | * When an identity is renamed, this function is called with the | ||
1343 | * (known) ego but the NEW identifier. | ||
1344 | * | ||
1345 | * When an identity is deleted, this function is called with the | ||
1346 | * (known) ego and "NULL" for the 'identifier'. In this case, | ||
1347 | * the 'ego' is henceforth invalid (and the 'ctx' should also be | ||
1348 | * cleaned up). | ||
1349 | * | ||
1350 | * @param cls closure | ||
1351 | * @param ego ego handle | ||
1352 | * @param ctx context for application to store data for this ego | ||
1353 | * (during the lifetime of this process, initially NULL) | ||
1354 | * @param identifier identifier assigned by the user for this ego, | ||
1355 | * NULL if the user just deleted the ego and it | ||
1356 | * must thus no longer be used | ||
1357 | */ | ||
1358 | static void | ||
1359 | list_ego (void *cls, | ||
1360 | struct GNUNET_IDENTITY_Ego *ego, | ||
1361 | void **ctx, | ||
1362 | const char *identifier) | ||
1363 | { | ||
1364 | struct EgoEntry *ego_entry; | ||
1365 | struct GNUNET_CRYPTO_PublicKey pk; | ||
1366 | |||
1367 | if (NULL == ego) | ||
1368 | { | ||
1369 | state = ID_REST_STATE_POST_INIT; | ||
1370 | return; | ||
1371 | } | ||
1372 | if (ID_REST_STATE_INIT == state) | ||
1373 | { | ||
1374 | ego_entry = GNUNET_new (struct EgoEntry); | ||
1375 | GNUNET_IDENTITY_ego_get_public_key (ego, &pk); | ||
1376 | ego_entry->keystring = GNUNET_CRYPTO_public_key_to_string (&pk); | ||
1377 | ego_entry->ego = ego; | ||
1378 | ego_entry->identifier = GNUNET_strdup (identifier); | ||
1379 | GNUNET_CONTAINER_DLL_insert_tail (ego_head, | ||
1380 | ego_tail, | ||
1381 | ego_entry); | ||
1382 | } | ||
1383 | /* Ego renamed or added */ | ||
1384 | if (identifier != NULL) | ||
1385 | { | ||
1386 | for (ego_entry = ego_head; NULL != ego_entry; | ||
1387 | ego_entry = ego_entry->next) | ||
1388 | { | ||
1389 | if (ego_entry->ego == ego) | ||
1390 | { | ||
1391 | /* Rename */ | ||
1392 | GNUNET_free (ego_entry->identifier); | ||
1393 | ego_entry->identifier = GNUNET_strdup (identifier); | ||
1394 | break; | ||
1395 | } | ||
1396 | } | ||
1397 | if (NULL == ego_entry) | ||
1398 | { | ||
1399 | /* Add */ | ||
1400 | ego_entry = GNUNET_new (struct EgoEntry); | ||
1401 | GNUNET_IDENTITY_ego_get_public_key (ego, &pk); | ||
1402 | ego_entry->keystring = GNUNET_CRYPTO_public_key_to_string (&pk); | ||
1403 | ego_entry->ego = ego; | ||
1404 | ego_entry->identifier = GNUNET_strdup (identifier); | ||
1405 | GNUNET_CONTAINER_DLL_insert_tail (ego_head, | ||
1406 | ego_tail, | ||
1407 | ego_entry); | ||
1408 | } | ||
1409 | } | ||
1410 | else | ||
1411 | { | ||
1412 | /* Delete */ | ||
1413 | for (ego_entry = ego_head; NULL != ego_entry; | ||
1414 | ego_entry = ego_entry->next) | ||
1415 | { | ||
1416 | if (ego_entry->ego == ego) | ||
1417 | break; | ||
1418 | } | ||
1419 | if (NULL == ego_entry) | ||
1420 | return; /* Not found */ | ||
1421 | |||
1422 | GNUNET_CONTAINER_DLL_remove (ego_head, | ||
1423 | ego_tail, | ||
1424 | ego_entry); | ||
1425 | GNUNET_free (ego_entry->identifier); | ||
1426 | GNUNET_free (ego_entry->keystring); | ||
1427 | GNUNET_free (ego_entry); | ||
1428 | return; | ||
1429 | } | ||
1430 | |||
1431 | } | ||
1432 | |||
1433 | |||
1434 | static enum GNUNET_GenericReturnValue | ||
1435 | rest_identity_process_request (struct GNUNET_REST_RequestHandle *rest_handle, | ||
1436 | GNUNET_REST_ResultProcessor proc, | ||
1437 | void *proc_cls) | ||
1438 | { | ||
1439 | struct RequestHandle *handle = GNUNET_new (struct RequestHandle); | ||
1440 | struct GNUNET_REST_RequestHandlerError err; | ||
1441 | static const struct GNUNET_REST_RequestHandler handlers[] = | ||
1442 | { { MHD_HTTP_METHOD_GET, | ||
1443 | GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES, &list_attribute_cont }, | ||
1444 | { MHD_HTTP_METHOD_POST, | ||
1445 | GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES, &add_attribute_cont }, | ||
1446 | { MHD_HTTP_METHOD_DELETE, | ||
1447 | GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES, &delete_attribute_cont }, | ||
1448 | { MHD_HTTP_METHOD_GET, | ||
1449 | GNUNET_REST_API_NS_RECLAIM_CREDENTIAL, &list_credential_cont }, | ||
1450 | { MHD_HTTP_METHOD_POST, | ||
1451 | GNUNET_REST_API_NS_RECLAIM_CREDENTIAL, &add_credential_cont }, | ||
1452 | { MHD_HTTP_METHOD_DELETE, | ||
1453 | GNUNET_REST_API_NS_RECLAIM_CREDENTIAL, &delete_credential_cont }, | ||
1454 | { MHD_HTTP_METHOD_GET, | ||
1455 | GNUNET_REST_API_NS_IDENTITY_TICKETS, &list_tickets_cont }, | ||
1456 | { MHD_HTTP_METHOD_POST, | ||
1457 | GNUNET_REST_API_NS_IDENTITY_REVOKE, &revoke_ticket_cont }, | ||
1458 | { MHD_HTTP_METHOD_POST, | ||
1459 | GNUNET_REST_API_NS_IDENTITY_CONSUME, &consume_ticket_cont }, | ||
1460 | { MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_RECLAIM, &options_cont }, | ||
1461 | GNUNET_REST_HANDLER_END}; | ||
1462 | |||
1463 | handle->response_code = 0; | ||
1464 | handle->timeout = GNUNET_TIME_UNIT_FOREVER_REL; | ||
1465 | handle->proc_cls = proc_cls; | ||
1466 | handle->proc = proc; | ||
1467 | handle->rest_handle = rest_handle; | ||
1468 | |||
1469 | handle->url = GNUNET_strdup (rest_handle->url); | ||
1470 | if (handle->url[strlen (handle->url) - 1] == '/') | ||
1471 | handle->url[strlen (handle->url) - 1] = '\0'; | ||
1472 | handle->timeout_task = | ||
1473 | GNUNET_SCHEDULER_add_delayed (handle->timeout, &do_timeout, handle); | ||
1474 | GNUNET_CONTAINER_DLL_insert (requests_head, | ||
1475 | requests_tail, | ||
1476 | handle); | ||
1477 | if (GNUNET_NO == | ||
1478 | GNUNET_REST_handle_request (handle->rest_handle, handlers, &err, handle)) | ||
1479 | { | ||
1480 | cleanup_handle (handle); | ||
1481 | return GNUNET_NO; | ||
1482 | } | ||
1483 | |||
1484 | return GNUNET_YES; | ||
1485 | } | ||
1486 | |||
1487 | |||
1488 | /** | ||
1489 | * Entry point for the plugin. | ||
1490 | * | ||
1491 | * @param cls Config info | ||
1492 | * @return NULL on error, otherwise the plugin context | ||
1493 | */ | ||
1494 | void * | ||
1495 | libgnunet_plugin_rest_reclaim_init (void *cls) | ||
1496 | { | ||
1497 | static struct Plugin plugin; | ||
1498 | struct GNUNET_REST_Plugin *api; | ||
1499 | |||
1500 | cfg = cls; | ||
1501 | if (NULL != plugin.cfg) | ||
1502 | return NULL; /* can only initialize once! */ | ||
1503 | memset (&plugin, 0, sizeof(struct Plugin)); | ||
1504 | plugin.cfg = cfg; | ||
1505 | api = GNUNET_new (struct GNUNET_REST_Plugin); | ||
1506 | api->cls = &plugin; | ||
1507 | api->name = GNUNET_REST_API_NS_RECLAIM; | ||
1508 | api->process_request = &rest_identity_process_request; | ||
1509 | GNUNET_asprintf (&allow_methods, | ||
1510 | "%s, %s, %s, %s, %s", | ||
1511 | MHD_HTTP_METHOD_GET, | ||
1512 | MHD_HTTP_METHOD_POST, | ||
1513 | MHD_HTTP_METHOD_PUT, | ||
1514 | MHD_HTTP_METHOD_DELETE, | ||
1515 | MHD_HTTP_METHOD_OPTIONS); | ||
1516 | identity_handle = GNUNET_IDENTITY_connect (cfg, &list_ego, NULL); | ||
1517 | state = ID_REST_STATE_INIT; | ||
1518 | idp = GNUNET_RECLAIM_connect (cfg); | ||
1519 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1520 | _ ("Identity Provider REST API initialized\n")); | ||
1521 | return api; | ||
1522 | } | ||
1523 | |||
1524 | |||
1525 | /** | ||
1526 | * Exit point from the plugin. | ||
1527 | * | ||
1528 | * @param cls the plugin context (as returned by "init") | ||
1529 | * @return always NULL | ||
1530 | */ | ||
1531 | void * | ||
1532 | libgnunet_plugin_rest_reclaim_done (void *cls) | ||
1533 | { | ||
1534 | struct GNUNET_REST_Plugin *api = cls; | ||
1535 | struct Plugin *plugin = api->cls; | ||
1536 | struct RequestHandle *request; | ||
1537 | struct EgoEntry *ego_entry; | ||
1538 | struct EgoEntry *ego_tmp; | ||
1539 | |||
1540 | plugin->cfg = NULL; | ||
1541 | while (NULL != (request = requests_head)) | ||
1542 | do_error (request); | ||
1543 | if (NULL != idp) | ||
1544 | GNUNET_RECLAIM_disconnect (idp); | ||
1545 | if (NULL != identity_handle) | ||
1546 | GNUNET_IDENTITY_disconnect (identity_handle); | ||
1547 | for (ego_entry = ego_head; NULL != ego_entry;) | ||
1548 | { | ||
1549 | ego_tmp = ego_entry; | ||
1550 | ego_entry = ego_entry->next; | ||
1551 | GNUNET_free (ego_tmp->identifier); | ||
1552 | GNUNET_free (ego_tmp->keystring); | ||
1553 | GNUNET_free (ego_tmp); | ||
1554 | } | ||
1555 | |||
1556 | GNUNET_free (allow_methods); | ||
1557 | GNUNET_free (api); | ||
1558 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1559 | "Identity Provider REST plugin is finished\n"); | ||
1560 | return NULL; | ||
1561 | } | ||
1562 | |||
1563 | |||
1564 | /* end of plugin_rest_reclaim.c */ | ||
diff --git a/src/reclaim/reclaim.conf b/src/reclaim/reclaim.conf deleted file mode 100644 index 07facc232..000000000 --- a/src/reclaim/reclaim.conf +++ /dev/null | |||
@@ -1,22 +0,0 @@ | |||
1 | [reclaim] | ||
2 | START_ON_DEMAND = YES | ||
3 | RUN_PER_USER = YES | ||
4 | #PORT = 2108 | ||
5 | HOSTNAME = localhost | ||
6 | BINARY = gnunet-service-reclaim | ||
7 | ACCEPT_FROM = 127.0.0.1; | ||
8 | ACCEPT_FROM6 = ::1; | ||
9 | UNIXPATH = $GNUNET_USER_RUNTIME_DIR/gnunet-service-reclaim.sock | ||
10 | UNIX_MATCH_UID = NO | ||
11 | UNIX_MATCH_GID = YES | ||
12 | TICKET_REFRESH_INTERVAL = 6h | ||
13 | |||
14 | [reclaim-rest-plugin] | ||
15 | #ADDRESS = https://identity.gnu:8000#/login | ||
16 | ADDRESS = https://ui.reclaim/#/login | ||
17 | OIDC_JSON_WEB_ALGORITHM = RS256 | ||
18 | OIDC_CLIENT_HMAC_SECRET = secret | ||
19 | OIDC_DIR = $GNUNET_DATA_HOME/oidc | ||
20 | OIDC_USERINFO_CONSUME_TIMEOUT = 5s | ||
21 | JWT_SECRET = secret | ||
22 | EXPIRATION_TIME = 1d | ||
diff --git a/src/reclaim/reclaim.h b/src/reclaim/reclaim.h deleted file mode 100644 index 9d5118269..000000000 --- a/src/reclaim/reclaim.h +++ /dev/null | |||
@@ -1,600 +0,0 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet. | ||
3 | Copyright (C) 2016 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software: you can redistribute it and/or modify it | ||
6 | under the terms of the GNU Affero General Public License as published | ||
7 | by the Free Software Foundation, either version 3 of the License, | ||
8 | or (at your option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | Affero General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU Affero General Public License | ||
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
17 | |||
18 | SPDX-License-Identifier: AGPL3.0-or-later | ||
19 | */ | ||
20 | |||
21 | /** | ||
22 | * @author Martin Schanzenbach | ||
23 | * @file reclaim/reclaim.h | ||
24 | * | ||
25 | * @brief Common type definitions for the identity provider | ||
26 | * service and API. | ||
27 | */ | ||
28 | #ifndef RECLAIM_H | ||
29 | #define RECLAIM_H | ||
30 | |||
31 | #include "gnunet_common.h" | ||
32 | #include "gnunet_identity_service.h" | ||
33 | |||
34 | GNUNET_NETWORK_STRUCT_BEGIN | ||
35 | |||
36 | |||
37 | /** | ||
38 | * Use to store an identity attribute | ||
39 | */ | ||
40 | struct AttributeStoreMessage | ||
41 | { | ||
42 | /** | ||
43 | * Type: #GNUNET_MESSAGE_TYPE_IDENTITY_SET_DEFAULT | ||
44 | */ | ||
45 | struct GNUNET_MessageHeader header; | ||
46 | |||
47 | /** | ||
48 | * The expiration interval of the attribute | ||
49 | */ | ||
50 | uint64_t exp GNUNET_PACKED; | ||
51 | |||
52 | /** | ||
53 | * Unique identifier for this request (for key collisions). | ||
54 | */ | ||
55 | uint32_t id GNUNET_PACKED; | ||
56 | |||
57 | /** | ||
58 | * The length of the attribute | ||
59 | */ | ||
60 | uint16_t attr_len GNUNET_PACKED; | ||
61 | |||
62 | /** | ||
63 | * The length of the private key | ||
64 | */ | ||
65 | uint16_t key_len GNUNET_PACKED; | ||
66 | |||
67 | /* | ||
68 | * followed by the zone private key | ||
69 | * followed by the serialized attribute */ | ||
70 | }; | ||
71 | |||
72 | |||
73 | /** | ||
74 | * Use to delete an identity attribute | ||
75 | */ | ||
76 | struct AttributeDeleteMessage | ||
77 | { | ||
78 | /** | ||
79 | * Type: #GNUNET_MESSAGE_TYPE_IDENTITY_SET_DEFAULT | ||
80 | */ | ||
81 | struct GNUNET_MessageHeader header; | ||
82 | |||
83 | /** | ||
84 | * Unique identifier for this request (for key collisions). | ||
85 | */ | ||
86 | uint32_t id GNUNET_PACKED; | ||
87 | |||
88 | /** | ||
89 | * The length of the attribute | ||
90 | */ | ||
91 | uint16_t attr_len GNUNET_PACKED; | ||
92 | |||
93 | /** | ||
94 | * The length of the private key | ||
95 | */ | ||
96 | uint16_t key_len GNUNET_PACKED; | ||
97 | |||
98 | /* followed by the serialized attribute */ | ||
99 | }; | ||
100 | |||
101 | |||
102 | /** | ||
103 | * Attribute store/delete response message | ||
104 | */ | ||
105 | struct SuccessResultMessage | ||
106 | { | ||
107 | /** | ||
108 | * Message header | ||
109 | */ | ||
110 | struct GNUNET_MessageHeader header; | ||
111 | |||
112 | /** | ||
113 | * Unique identifier for this request (for key collisions). | ||
114 | */ | ||
115 | uint32_t id GNUNET_PACKED; | ||
116 | |||
117 | /** | ||
118 | * #GNUNET_SYSERR on failure, #GNUNET_OK on success | ||
119 | */ | ||
120 | int32_t op_result GNUNET_PACKED; | ||
121 | }; | ||
122 | |||
123 | /** | ||
124 | * Attribute is returned from the idp. | ||
125 | */ | ||
126 | struct AttributeResultMessage | ||
127 | { | ||
128 | /** | ||
129 | * Message header | ||
130 | */ | ||
131 | struct GNUNET_MessageHeader header; | ||
132 | |||
133 | /** | ||
134 | * Unique identifier for this request (for key collisions). | ||
135 | */ | ||
136 | uint32_t id GNUNET_PACKED; | ||
137 | |||
138 | /** | ||
139 | * Reserved (alignment) | ||
140 | */ | ||
141 | uint16_t reserved GNUNET_PACKED; | ||
142 | |||
143 | /** | ||
144 | * Length of serialized attribute data | ||
145 | */ | ||
146 | uint16_t attr_len GNUNET_PACKED; | ||
147 | |||
148 | /** | ||
149 | * Length of serialized credential data | ||
150 | */ | ||
151 | uint16_t credential_len GNUNET_PACKED; | ||
152 | |||
153 | /** | ||
154 | * The length of the public key | ||
155 | */ | ||
156 | uint16_t pkey_len GNUNET_PACKED; | ||
157 | |||
158 | /** | ||
159 | * followed by the public key key. | ||
160 | * followed by: | ||
161 | * serialized attribute data | ||
162 | */ | ||
163 | }; | ||
164 | |||
165 | /** | ||
166 | * Credential is returned from the idp. | ||
167 | */ | ||
168 | struct CredentialResultMessage | ||
169 | { | ||
170 | /** | ||
171 | * Message header | ||
172 | */ | ||
173 | struct GNUNET_MessageHeader header; | ||
174 | |||
175 | /** | ||
176 | * Unique identifier for this request (for key collisions). | ||
177 | */ | ||
178 | uint32_t id GNUNET_PACKED; | ||
179 | |||
180 | /** | ||
181 | * Length of serialized attribute data | ||
182 | */ | ||
183 | uint16_t credential_len GNUNET_PACKED; | ||
184 | |||
185 | /** | ||
186 | * The length of the public key | ||
187 | */ | ||
188 | uint16_t key_len GNUNET_PACKED; | ||
189 | |||
190 | /** | ||
191 | * followed by the private key. | ||
192 | * followed by: | ||
193 | * serialized credential data | ||
194 | */ | ||
195 | }; | ||
196 | |||
197 | |||
198 | /** | ||
199 | * Start a attribute iteration for the given identity | ||
200 | */ | ||
201 | struct AttributeIterationStartMessage | ||
202 | { | ||
203 | /** | ||
204 | * Message | ||
205 | */ | ||
206 | struct GNUNET_MessageHeader header; | ||
207 | |||
208 | /** | ||
209 | * Unique identifier for this request (for key collisions). | ||
210 | */ | ||
211 | uint32_t id GNUNET_PACKED; | ||
212 | |||
213 | /** | ||
214 | * Reserved (alignment) | ||
215 | */ | ||
216 | uint16_t reserved GNUNET_PACKED; | ||
217 | |||
218 | /** | ||
219 | * The length of the private key | ||
220 | */ | ||
221 | uint16_t key_len GNUNET_PACKED; | ||
222 | |||
223 | /** | ||
224 | * followed by the private key. | ||
225 | */ | ||
226 | }; | ||
227 | |||
228 | |||
229 | /** | ||
230 | * Ask for next result of attribute iteration for the given operation | ||
231 | */ | ||
232 | struct AttributeIterationNextMessage | ||
233 | { | ||
234 | /** | ||
235 | * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_NEXT | ||
236 | */ | ||
237 | struct GNUNET_MessageHeader header; | ||
238 | |||
239 | /** | ||
240 | * Unique identifier for this request (for key collisions). | ||
241 | */ | ||
242 | uint32_t id GNUNET_PACKED; | ||
243 | }; | ||
244 | |||
245 | |||
246 | /** | ||
247 | * Start a credential iteration for the given identity | ||
248 | */ | ||
249 | struct CredentialIterationStartMessage | ||
250 | { | ||
251 | /** | ||
252 | * Message | ||
253 | */ | ||
254 | struct GNUNET_MessageHeader header; | ||
255 | |||
256 | /** | ||
257 | * Unique identifier for this request (for key collisions). | ||
258 | */ | ||
259 | uint32_t id GNUNET_PACKED; | ||
260 | |||
261 | /** | ||
262 | * Reserved (alignment) | ||
263 | */ | ||
264 | uint16_t reserved GNUNET_PACKED; | ||
265 | |||
266 | /** | ||
267 | * The length of the private key | ||
268 | */ | ||
269 | uint16_t key_len GNUNET_PACKED; | ||
270 | |||
271 | /** | ||
272 | * followed by the private key. | ||
273 | */ | ||
274 | }; | ||
275 | |||
276 | |||
277 | /** | ||
278 | * Ask for next result of credential iteration for the given operation | ||
279 | */ | ||
280 | struct CredentialIterationNextMessage | ||
281 | { | ||
282 | /** | ||
283 | * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_NEXT | ||
284 | */ | ||
285 | struct GNUNET_MessageHeader header; | ||
286 | |||
287 | /** | ||
288 | * Unique identifier for this request (for key collisions). | ||
289 | */ | ||
290 | uint32_t id GNUNET_PACKED; | ||
291 | }; | ||
292 | |||
293 | |||
294 | /** | ||
295 | * Stop credential iteration for the given operation | ||
296 | */ | ||
297 | struct CredentialIterationStopMessage | ||
298 | { | ||
299 | /** | ||
300 | * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_STOP | ||
301 | */ | ||
302 | struct GNUNET_MessageHeader header; | ||
303 | |||
304 | /** | ||
305 | * Unique identifier for this request (for key collisions). | ||
306 | */ | ||
307 | uint32_t id GNUNET_PACKED; | ||
308 | }; | ||
309 | |||
310 | |||
311 | /** | ||
312 | * Stop attribute iteration for the given operation | ||
313 | */ | ||
314 | struct AttributeIterationStopMessage | ||
315 | { | ||
316 | /** | ||
317 | * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_STOP | ||
318 | */ | ||
319 | struct GNUNET_MessageHeader header; | ||
320 | |||
321 | /** | ||
322 | * Unique identifier for this request (for key collisions). | ||
323 | */ | ||
324 | uint32_t id GNUNET_PACKED; | ||
325 | }; | ||
326 | |||
327 | /** | ||
328 | * Start a ticket iteration for the given identity | ||
329 | */ | ||
330 | struct TicketIterationStartMessage | ||
331 | { | ||
332 | /** | ||
333 | * Message | ||
334 | */ | ||
335 | struct GNUNET_MessageHeader header; | ||
336 | |||
337 | /** | ||
338 | * Unique identifier for this request (for key collisions). | ||
339 | */ | ||
340 | uint32_t id GNUNET_PACKED; | ||
341 | |||
342 | /** | ||
343 | * Reserved (alignment) | ||
344 | */ | ||
345 | uint16_t reserved GNUNET_PACKED; | ||
346 | |||
347 | /** | ||
348 | * The length of the private key | ||
349 | */ | ||
350 | uint16_t key_len GNUNET_PACKED; | ||
351 | |||
352 | /** | ||
353 | * followed by the private key. | ||
354 | */ | ||
355 | }; | ||
356 | |||
357 | |||
358 | /** | ||
359 | * Ask for next result of ticket iteration for the given operation | ||
360 | */ | ||
361 | struct TicketIterationNextMessage | ||
362 | { | ||
363 | /** | ||
364 | * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_NEXT | ||
365 | */ | ||
366 | struct GNUNET_MessageHeader header; | ||
367 | |||
368 | /** | ||
369 | * Unique identifier for this request (for key collisions). | ||
370 | */ | ||
371 | uint32_t id GNUNET_PACKED; | ||
372 | }; | ||
373 | |||
374 | |||
375 | /** | ||
376 | * Stop ticket iteration for the given operation | ||
377 | */ | ||
378 | struct TicketIterationStopMessage | ||
379 | { | ||
380 | /** | ||
381 | * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_STOP | ||
382 | */ | ||
383 | struct GNUNET_MessageHeader header; | ||
384 | |||
385 | /** | ||
386 | * Unique identifier for this request (for key collisions). | ||
387 | */ | ||
388 | uint32_t id GNUNET_PACKED; | ||
389 | }; | ||
390 | |||
391 | |||
392 | /** | ||
393 | * Ticket issue message | ||
394 | */ | ||
395 | struct IssueTicketMessage | ||
396 | { | ||
397 | /** | ||
398 | * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_ISSUE_TICKET | ||
399 | */ | ||
400 | struct GNUNET_MessageHeader header; | ||
401 | |||
402 | /** | ||
403 | * Unique identifier for this request (for key collisions). | ||
404 | */ | ||
405 | uint32_t id GNUNET_PACKED; | ||
406 | |||
407 | /** | ||
408 | * Reserved (alignment) | ||
409 | */ | ||
410 | uint16_t reserved GNUNET_PACKED; | ||
411 | |||
412 | /** | ||
413 | * length of serialized attribute list | ||
414 | */ | ||
415 | uint16_t attr_len GNUNET_PACKED; | ||
416 | |||
417 | /** | ||
418 | * The length of the identity private key | ||
419 | */ | ||
420 | uint16_t key_len GNUNET_PACKED; | ||
421 | |||
422 | /** | ||
423 | * The length of the relying party public key | ||
424 | */ | ||
425 | uint16_t pkey_len GNUNET_PACKED; | ||
426 | |||
427 | /** | ||
428 | * Followed by the private key. | ||
429 | * Followed by the public key. | ||
430 | * Followed by a serialized attribute list | ||
431 | */ | ||
432 | }; | ||
433 | |||
434 | /** | ||
435 | * Ticket revoke message | ||
436 | */ | ||
437 | struct RevokeTicketMessage | ||
438 | { | ||
439 | /** | ||
440 | * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_REVOKE_TICKET | ||
441 | */ | ||
442 | struct GNUNET_MessageHeader header; | ||
443 | |||
444 | /** | ||
445 | * Unique identifier for this request (for key collisions). | ||
446 | */ | ||
447 | uint32_t id GNUNET_PACKED; | ||
448 | |||
449 | /** | ||
450 | * The length of the private key | ||
451 | */ | ||
452 | uint16_t key_len GNUNET_PACKED; | ||
453 | |||
454 | /** | ||
455 | * The length of the ticket | ||
456 | */ | ||
457 | uint16_t tkt_len GNUNET_PACKED; | ||
458 | |||
459 | /** | ||
460 | * Followed by the serialized ticket. | ||
461 | * Followed by the private key. | ||
462 | * Followed by a serialized attribute list | ||
463 | */ | ||
464 | }; | ||
465 | |||
466 | /** | ||
467 | * Ticket revoke message | ||
468 | */ | ||
469 | struct RevokeTicketResultMessage | ||
470 | { | ||
471 | /** | ||
472 | * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_REVOKE_TICKET_RESULT | ||
473 | */ | ||
474 | struct GNUNET_MessageHeader header; | ||
475 | |||
476 | /** | ||
477 | * Unique identifier for this request (for key collisions). | ||
478 | */ | ||
479 | uint32_t id GNUNET_PACKED; | ||
480 | |||
481 | /** | ||
482 | * Revocation result | ||
483 | */ | ||
484 | uint32_t success GNUNET_PACKED; | ||
485 | }; | ||
486 | |||
487 | |||
488 | /** | ||
489 | * Ticket result message | ||
490 | */ | ||
491 | struct TicketResultMessage | ||
492 | { | ||
493 | /** | ||
494 | * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_RESULT | ||
495 | */ | ||
496 | struct GNUNET_MessageHeader header; | ||
497 | |||
498 | /** | ||
499 | * Unique identifier for this request (for key collisions). | ||
500 | */ | ||
501 | uint32_t id GNUNET_PACKED; | ||
502 | |||
503 | /** | ||
504 | * Ticket length | ||
505 | */ | ||
506 | uint16_t tkt_len GNUNET_PACKED; | ||
507 | |||
508 | /** | ||
509 | * Length of new presentations created | ||
510 | */ | ||
511 | uint16_t presentations_len GNUNET_PACKED; | ||
512 | |||
513 | /* | ||
514 | * Followed by the serialized ticket | ||
515 | * Followed by the serialized GNUNET_RECLAIM_PresentationList | ||
516 | */ | ||
517 | }; | ||
518 | |||
519 | /** | ||
520 | * Ticket consume message | ||
521 | */ | ||
522 | struct ConsumeTicketMessage | ||
523 | { | ||
524 | /** | ||
525 | * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_CONSUME_TICKET | ||
526 | */ | ||
527 | struct GNUNET_MessageHeader header; | ||
528 | |||
529 | /** | ||
530 | * Unique identifier for this request (for key collisions). | ||
531 | */ | ||
532 | uint32_t id GNUNET_PACKED; | ||
533 | |||
534 | /** | ||
535 | * The length of the private key | ||
536 | */ | ||
537 | uint16_t key_len GNUNET_PACKED; | ||
538 | |||
539 | /** | ||
540 | * The length of the ticket | ||
541 | */ | ||
542 | uint16_t tkt_len GNUNET_PACKED; | ||
543 | |||
544 | /** | ||
545 | * Followed by the private key. | ||
546 | * Followed by the serialized ticket. | ||
547 | */ | ||
548 | }; | ||
549 | |||
550 | /** | ||
551 | * Attribute list is returned from the idp. | ||
552 | */ | ||
553 | struct ConsumeTicketResultMessage | ||
554 | { | ||
555 | /** | ||
556 | * Message header | ||
557 | */ | ||
558 | struct GNUNET_MessageHeader header; | ||
559 | |||
560 | /** | ||
561 | * Unique identifier for this request (for key collisions). | ||
562 | */ | ||
563 | uint32_t id GNUNET_PACKED; | ||
564 | |||
565 | /** | ||
566 | * Result | ||
567 | */ | ||
568 | uint32_t result GNUNET_PACKED; | ||
569 | |||
570 | /** | ||
571 | * Reserved (alignment) | ||
572 | */ | ||
573 | uint16_t reserved GNUNET_PACKED; | ||
574 | |||
575 | /** | ||
576 | * Length of serialized attribute data | ||
577 | */ | ||
578 | uint16_t attrs_len GNUNET_PACKED; | ||
579 | |||
580 | /** | ||
581 | * Length of presentation data | ||
582 | */ | ||
583 | uint16_t presentations_len; | ||
584 | |||
585 | /** | ||
586 | * The length of the private key | ||
587 | */ | ||
588 | uint16_t key_len GNUNET_PACKED; | ||
589 | |||
590 | /** | ||
591 | * Followed by the private key. | ||
592 | * followed by: | ||
593 | * serialized attributes data | ||
594 | */ | ||
595 | }; | ||
596 | |||
597 | |||
598 | GNUNET_NETWORK_STRUCT_END | ||
599 | |||
600 | #endif | ||
diff --git a/src/reclaim/reclaim_api.c b/src/reclaim/reclaim_api.c deleted file mode 100644 index e9a34dd95..000000000 --- a/src/reclaim/reclaim_api.c +++ /dev/null | |||
@@ -1,1813 +0,0 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet. | ||
3 | Copyright (C) 2016 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software: you can redistribute it and/or modify it | ||
6 | under the terms of the GNU Affero General Public License as published | ||
7 | by the Free Software Foundation, either version 3 of the License, | ||
8 | or (at your option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | Affero General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU Affero General Public License | ||
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
17 | |||
18 | SPDX-License-Identifier: AGPL3.0-or-later | ||
19 | */ | ||
20 | |||
21 | /** | ||
22 | * @file reclaim/reclaim_api.c | ||
23 | * @brief api to interact with the reclaim service | ||
24 | * @author Martin Schanzenbach | ||
25 | */ | ||
26 | #include "platform.h" | ||
27 | #include "gnunet_util_lib.h" | ||
28 | #include "gnunet_constants.h" | ||
29 | #include "gnunet_protocols.h" | ||
30 | #include "gnunet_reclaim_lib.h" | ||
31 | #include "gnunet_reclaim_service.h" | ||
32 | #include "reclaim.h" | ||
33 | |||
34 | #define LOG(kind, ...) GNUNET_log_from (kind, "reclaim-api", __VA_ARGS__) | ||
35 | |||
36 | |||
37 | /** | ||
38 | * Handle for an operation with the service. | ||
39 | */ | ||
40 | struct GNUNET_RECLAIM_Operation | ||
41 | { | ||
42 | /** | ||
43 | * Main handle. | ||
44 | */ | ||
45 | struct GNUNET_RECLAIM_Handle *h; | ||
46 | |||
47 | /** | ||
48 | * We keep operations in a DLL. | ||
49 | */ | ||
50 | struct GNUNET_RECLAIM_Operation *next; | ||
51 | |||
52 | /** | ||
53 | * We keep operations in a DLL. | ||
54 | */ | ||
55 | struct GNUNET_RECLAIM_Operation *prev; | ||
56 | |||
57 | /** | ||
58 | * Message to send to the service. | ||
59 | * Allocated at the end of this struct. | ||
60 | */ | ||
61 | const struct GNUNET_MessageHeader *msg; | ||
62 | |||
63 | /** | ||
64 | * Continuation to invoke after attribute store call | ||
65 | */ | ||
66 | GNUNET_RECLAIM_ContinuationWithStatus as_cb; | ||
67 | |||
68 | /** | ||
69 | * Attribute result callback | ||
70 | */ | ||
71 | GNUNET_RECLAIM_AttributeResult ar_cb; | ||
72 | |||
73 | /** | ||
74 | * Attribute result callback | ||
75 | */ | ||
76 | GNUNET_RECLAIM_AttributeTicketResult atr_cb; | ||
77 | |||
78 | /** | ||
79 | * Credential result callback | ||
80 | */ | ||
81 | GNUNET_RECLAIM_CredentialResult at_cb; | ||
82 | |||
83 | /** | ||
84 | * Revocation result callback | ||
85 | */ | ||
86 | GNUNET_RECLAIM_ContinuationWithStatus rvk_cb; | ||
87 | |||
88 | /** | ||
89 | * Ticket result callback | ||
90 | */ | ||
91 | GNUNET_RECLAIM_TicketCallback tr_cb; | ||
92 | |||
93 | /** | ||
94 | * Ticket issue result callback | ||
95 | */ | ||
96 | GNUNET_RECLAIM_IssueTicketCallback ti_cb; | ||
97 | |||
98 | /** | ||
99 | * Envelope with the message for this queue entry. | ||
100 | */ | ||
101 | struct GNUNET_MQ_Envelope *env; | ||
102 | |||
103 | /** | ||
104 | * request id | ||
105 | */ | ||
106 | uint32_t r_id; | ||
107 | |||
108 | /** | ||
109 | * Closure for @e cont or @e cb. | ||
110 | */ | ||
111 | void *cls; | ||
112 | }; | ||
113 | |||
114 | |||
115 | /** | ||
116 | * Handle for a ticket iterator operation | ||
117 | */ | ||
118 | struct GNUNET_RECLAIM_TicketIterator | ||
119 | { | ||
120 | /** | ||
121 | * Kept in a DLL. | ||
122 | */ | ||
123 | struct GNUNET_RECLAIM_TicketIterator *next; | ||
124 | |||
125 | /** | ||
126 | * Kept in a DLL. | ||
127 | */ | ||
128 | struct GNUNET_RECLAIM_TicketIterator *prev; | ||
129 | |||
130 | /** | ||
131 | * Main handle to access the idp. | ||
132 | */ | ||
133 | struct GNUNET_RECLAIM_Handle *h; | ||
134 | |||
135 | /** | ||
136 | * Function to call on completion. | ||
137 | */ | ||
138 | GNUNET_SCHEDULER_TaskCallback finish_cb; | ||
139 | |||
140 | /** | ||
141 | * Closure for @e finish_cb. | ||
142 | */ | ||
143 | void *finish_cb_cls; | ||
144 | |||
145 | /** | ||
146 | * The continuation to call with the results | ||
147 | */ | ||
148 | GNUNET_RECLAIM_TicketCallback tr_cb; | ||
149 | |||
150 | /** | ||
151 | * Closure for @e tr_cb. | ||
152 | */ | ||
153 | void *cls; | ||
154 | |||
155 | /** | ||
156 | * Function to call on errors. | ||
157 | */ | ||
158 | GNUNET_SCHEDULER_TaskCallback error_cb; | ||
159 | |||
160 | /** | ||
161 | * Closure for @e error_cb. | ||
162 | */ | ||
163 | void *error_cb_cls; | ||
164 | |||
165 | /** | ||
166 | * Envelope of the message to send to the service, if not yet | ||
167 | * sent. | ||
168 | */ | ||
169 | struct GNUNET_MQ_Envelope *env; | ||
170 | |||
171 | /** | ||
172 | * The operation id this zone iteration operation has | ||
173 | */ | ||
174 | uint32_t r_id; | ||
175 | }; | ||
176 | |||
177 | |||
178 | /** | ||
179 | * Handle for a attribute iterator operation | ||
180 | */ | ||
181 | struct GNUNET_RECLAIM_AttributeIterator | ||
182 | { | ||
183 | /** | ||
184 | * Kept in a DLL. | ||
185 | */ | ||
186 | struct GNUNET_RECLAIM_AttributeIterator *next; | ||
187 | |||
188 | /** | ||
189 | * Kept in a DLL. | ||
190 | */ | ||
191 | struct GNUNET_RECLAIM_AttributeIterator *prev; | ||
192 | |||
193 | /** | ||
194 | * Main handle to access the service. | ||
195 | */ | ||
196 | struct GNUNET_RECLAIM_Handle *h; | ||
197 | |||
198 | /** | ||
199 | * Function to call on completion. | ||
200 | */ | ||
201 | GNUNET_SCHEDULER_TaskCallback finish_cb; | ||
202 | |||
203 | /** | ||
204 | * Closure for @e finish_cb. | ||
205 | */ | ||
206 | void *finish_cb_cls; | ||
207 | |||
208 | /** | ||
209 | * The continuation to call with the results | ||
210 | */ | ||
211 | GNUNET_RECLAIM_AttributeResult proc; | ||
212 | |||
213 | /** | ||
214 | * Closure for @e proc. | ||
215 | */ | ||
216 | void *proc_cls; | ||
217 | |||
218 | /** | ||
219 | * Function to call on errors. | ||
220 | */ | ||
221 | GNUNET_SCHEDULER_TaskCallback error_cb; | ||
222 | |||
223 | /** | ||
224 | * Closure for @e error_cb. | ||
225 | */ | ||
226 | void *error_cb_cls; | ||
227 | |||
228 | /** | ||
229 | * Envelope of the message to send to the service, if not yet | ||
230 | * sent. | ||
231 | */ | ||
232 | struct GNUNET_MQ_Envelope *env; | ||
233 | |||
234 | /** | ||
235 | * Private key of the zone. | ||
236 | */ | ||
237 | struct GNUNET_CRYPTO_PrivateKey identity; | ||
238 | |||
239 | /** | ||
240 | * The operation id this zone iteration operation has | ||
241 | */ | ||
242 | uint32_t r_id; | ||
243 | }; | ||
244 | |||
245 | /** | ||
246 | * Handle for a credential iterator operation | ||
247 | */ | ||
248 | struct GNUNET_RECLAIM_CredentialIterator | ||
249 | { | ||
250 | /** | ||
251 | * Kept in a DLL. | ||
252 | */ | ||
253 | struct GNUNET_RECLAIM_CredentialIterator *next; | ||
254 | |||
255 | /** | ||
256 | * Kept in a DLL. | ||
257 | */ | ||
258 | struct GNUNET_RECLAIM_CredentialIterator *prev; | ||
259 | |||
260 | /** | ||
261 | * Main handle to access the service. | ||
262 | */ | ||
263 | struct GNUNET_RECLAIM_Handle *h; | ||
264 | |||
265 | /** | ||
266 | * Function to call on completion. | ||
267 | */ | ||
268 | GNUNET_SCHEDULER_TaskCallback finish_cb; | ||
269 | |||
270 | /** | ||
271 | * Closure for @e finish_cb. | ||
272 | */ | ||
273 | void *finish_cb_cls; | ||
274 | |||
275 | /** | ||
276 | * The continuation to call with the results | ||
277 | */ | ||
278 | GNUNET_RECLAIM_CredentialResult proc; | ||
279 | |||
280 | /** | ||
281 | * Closure for @e proc. | ||
282 | */ | ||
283 | void *proc_cls; | ||
284 | |||
285 | /** | ||
286 | * Function to call on errors. | ||
287 | */ | ||
288 | GNUNET_SCHEDULER_TaskCallback error_cb; | ||
289 | |||
290 | /** | ||
291 | * Closure for @e error_cb. | ||
292 | */ | ||
293 | void *error_cb_cls; | ||
294 | |||
295 | /** | ||
296 | * Envelope of the message to send to the service, if not yet | ||
297 | * sent. | ||
298 | */ | ||
299 | struct GNUNET_MQ_Envelope *env; | ||
300 | |||
301 | /** | ||
302 | * Private key of the zone. | ||
303 | */ | ||
304 | struct GNUNET_CRYPTO_PrivateKey identity; | ||
305 | |||
306 | /** | ||
307 | * The operation id this zone iteration operation has | ||
308 | */ | ||
309 | uint32_t r_id; | ||
310 | }; | ||
311 | |||
312 | |||
313 | /** | ||
314 | * Handle to the service. | ||
315 | */ | ||
316 | struct GNUNET_RECLAIM_Handle | ||
317 | { | ||
318 | /** | ||
319 | * Configuration to use. | ||
320 | */ | ||
321 | const struct GNUNET_CONFIGURATION_Handle *cfg; | ||
322 | |||
323 | /** | ||
324 | * Socket (if available). | ||
325 | */ | ||
326 | struct GNUNET_CLIENT_Connection *client; | ||
327 | |||
328 | /** | ||
329 | * Closure for 'cb'. | ||
330 | */ | ||
331 | void *cb_cls; | ||
332 | |||
333 | /** | ||
334 | * Head of active operations. | ||
335 | */ | ||
336 | struct GNUNET_RECLAIM_Operation *op_head; | ||
337 | |||
338 | /** | ||
339 | * Tail of active operations. | ||
340 | */ | ||
341 | struct GNUNET_RECLAIM_Operation *op_tail; | ||
342 | |||
343 | /** | ||
344 | * Head of active iterations | ||
345 | */ | ||
346 | struct GNUNET_RECLAIM_AttributeIterator *it_head; | ||
347 | |||
348 | /** | ||
349 | * Tail of active iterations | ||
350 | */ | ||
351 | struct GNUNET_RECLAIM_AttributeIterator *it_tail; | ||
352 | |||
353 | /** | ||
354 | * Head of active iterations | ||
355 | */ | ||
356 | struct GNUNET_RECLAIM_CredentialIterator *ait_head; | ||
357 | |||
358 | /** | ||
359 | * Tail of active iterations | ||
360 | */ | ||
361 | struct GNUNET_RECLAIM_CredentialIterator *ait_tail; | ||
362 | |||
363 | /** | ||
364 | * Head of active iterations | ||
365 | */ | ||
366 | struct GNUNET_RECLAIM_TicketIterator *ticket_it_head; | ||
367 | |||
368 | /** | ||
369 | * Tail of active iterations | ||
370 | */ | ||
371 | struct GNUNET_RECLAIM_TicketIterator *ticket_it_tail; | ||
372 | |||
373 | /** | ||
374 | * Currently pending transmission request, or NULL for none. | ||
375 | */ | ||
376 | struct GNUNET_CLIENT_TransmitHandle *th; | ||
377 | |||
378 | /** | ||
379 | * Task doing exponential back-off trying to reconnect. | ||
380 | */ | ||
381 | struct GNUNET_SCHEDULER_Task *reconnect_task; | ||
382 | |||
383 | /** | ||
384 | * Time for next connect retry. | ||
385 | */ | ||
386 | struct GNUNET_TIME_Relative reconnect_backoff; | ||
387 | |||
388 | /** | ||
389 | * Connection to service (if available). | ||
390 | */ | ||
391 | struct GNUNET_MQ_Handle *mq; | ||
392 | |||
393 | /** | ||
394 | * Request Id generator. Incremented by one for each request. | ||
395 | */ | ||
396 | uint32_t r_id_gen; | ||
397 | |||
398 | /** | ||
399 | * Are we polling for incoming messages right now? | ||
400 | */ | ||
401 | int in_receive; | ||
402 | }; | ||
403 | |||
404 | |||
405 | /** | ||
406 | * Try again to connect to the service. | ||
407 | * | ||
408 | * @param h handle to the reclaim service. | ||
409 | */ | ||
410 | static void | ||
411 | reconnect (struct GNUNET_RECLAIM_Handle *h); | ||
412 | |||
413 | |||
414 | /** | ||
415 | * Reconnect | ||
416 | * | ||
417 | * @param cls the handle | ||
418 | */ | ||
419 | static void | ||
420 | reconnect_task (void *cls) | ||
421 | { | ||
422 | struct GNUNET_RECLAIM_Handle *handle = cls; | ||
423 | |||
424 | handle->reconnect_task = NULL; | ||
425 | reconnect (handle); | ||
426 | } | ||
427 | |||
428 | |||
429 | /** | ||
430 | * Disconnect from service and then reconnect. | ||
431 | * | ||
432 | * @param handle our service | ||
433 | */ | ||
434 | static void | ||
435 | force_reconnect (struct GNUNET_RECLAIM_Handle *handle) | ||
436 | { | ||
437 | GNUNET_MQ_destroy (handle->mq); | ||
438 | handle->mq = NULL; | ||
439 | handle->reconnect_backoff = | ||
440 | GNUNET_TIME_STD_BACKOFF (handle->reconnect_backoff); | ||
441 | handle->reconnect_task = | ||
442 | GNUNET_SCHEDULER_add_delayed (handle->reconnect_backoff, | ||
443 | &reconnect_task, | ||
444 | handle); | ||
445 | } | ||
446 | |||
447 | |||
448 | /** | ||
449 | * Free @a it. | ||
450 | * | ||
451 | * @param it entry to free | ||
452 | */ | ||
453 | static void | ||
454 | free_it (struct GNUNET_RECLAIM_AttributeIterator *it) | ||
455 | { | ||
456 | struct GNUNET_RECLAIM_Handle *h = it->h; | ||
457 | |||
458 | GNUNET_CONTAINER_DLL_remove (h->it_head, h->it_tail, it); | ||
459 | if (NULL != it->env) | ||
460 | GNUNET_MQ_discard (it->env); | ||
461 | GNUNET_free (it); | ||
462 | } | ||
463 | |||
464 | |||
465 | /** | ||
466 | * Free @a it. | ||
467 | * | ||
468 | * @param ait entry to free | ||
469 | */ | ||
470 | static void | ||
471 | free_ait (struct GNUNET_RECLAIM_CredentialIterator *ait) | ||
472 | { | ||
473 | struct GNUNET_RECLAIM_Handle *h = ait->h; | ||
474 | |||
475 | GNUNET_CONTAINER_DLL_remove (h->ait_head, h->ait_tail, ait); | ||
476 | if (NULL != ait->env) | ||
477 | GNUNET_MQ_discard (ait->env); | ||
478 | GNUNET_free (ait); | ||
479 | } | ||
480 | |||
481 | |||
482 | /** | ||
483 | * Free @a op | ||
484 | * | ||
485 | * @param op the operation to free | ||
486 | */ | ||
487 | static void | ||
488 | free_op (struct GNUNET_RECLAIM_Operation *op) | ||
489 | { | ||
490 | if (NULL == op) | ||
491 | return; | ||
492 | if (NULL != op->env) | ||
493 | GNUNET_MQ_discard (op->env); | ||
494 | GNUNET_free (op); | ||
495 | } | ||
496 | |||
497 | |||
498 | /** | ||
499 | * Generic error handler, called with the appropriate error code and | ||
500 | * the same closure specified at the creation of the message queue. | ||
501 | * Not every message queue implementation supports an error handler. | ||
502 | * | ||
503 | * @param cls closure with the `struct GNUNET_GNS_Handle *` | ||
504 | * @param error error code | ||
505 | */ | ||
506 | static void | ||
507 | mq_error_handler (void *cls, enum GNUNET_MQ_Error error) | ||
508 | { | ||
509 | struct GNUNET_RECLAIM_Handle *handle = cls; | ||
510 | |||
511 | force_reconnect (handle); | ||
512 | } | ||
513 | |||
514 | |||
515 | /** | ||
516 | * Handle an incoming message of type | ||
517 | * #GNUNET_MESSAGE_TYPE_RECLAIM_SUCCESS_RESPONSE | ||
518 | * | ||
519 | * @param cls | ||
520 | * @param msg the message we received | ||
521 | */ | ||
522 | static void | ||
523 | handle_success_response (void *cls, const struct SuccessResultMessage *msg) | ||
524 | { | ||
525 | struct GNUNET_RECLAIM_Handle *h = cls; | ||
526 | struct GNUNET_RECLAIM_Operation *op; | ||
527 | uint32_t r_id = ntohl (msg->id); | ||
528 | int res; | ||
529 | const char *emsg; | ||
530 | |||
531 | for (op = h->op_head; NULL != op; op = op->next) | ||
532 | if (op->r_id == r_id) | ||
533 | break; | ||
534 | if (NULL == op) | ||
535 | return; | ||
536 | |||
537 | res = ntohl (msg->op_result); | ||
538 | LOG (GNUNET_ERROR_TYPE_DEBUG, | ||
539 | "Received SUCCESS_RESPONSE with result %d\n", | ||
540 | res); | ||
541 | |||
542 | /* TODO: add actual error message to response... */ | ||
543 | if (GNUNET_SYSERR == res) | ||
544 | emsg = _ ("failed to store record\n"); | ||
545 | else | ||
546 | emsg = NULL; | ||
547 | if (NULL != op->as_cb) | ||
548 | op->as_cb (op->cls, res, emsg); | ||
549 | GNUNET_CONTAINER_DLL_remove (h->op_head, h->op_tail, op); | ||
550 | free_op (op); | ||
551 | } | ||
552 | |||
553 | |||
554 | /** | ||
555 | * Handle an incoming message of type | ||
556 | * #GNUNET_MESSAGE_TYPE_RECLAIM_CONSUME_TICKET_RESULT | ||
557 | * | ||
558 | * @param cls | ||
559 | * @param msg the message we received | ||
560 | * @return #GNUNET_OK on success, #GNUNET_SYSERR on error | ||
561 | */ | ||
562 | static int | ||
563 | check_consume_ticket_result (void *cls, | ||
564 | const struct ConsumeTicketResultMessage *msg) | ||
565 | { | ||
566 | size_t msg_len; | ||
567 | size_t attrs_len; | ||
568 | size_t pl_len; | ||
569 | size_t key_len; | ||
570 | |||
571 | msg_len = ntohs (msg->header.size); | ||
572 | attrs_len = ntohs (msg->attrs_len); | ||
573 | key_len = ntohs (msg->key_len); | ||
574 | pl_len = ntohs (msg->presentations_len); | ||
575 | if (msg_len != sizeof(*msg) + attrs_len + pl_len + key_len) | ||
576 | { | ||
577 | GNUNET_break (0); | ||
578 | return GNUNET_SYSERR; | ||
579 | } | ||
580 | return GNUNET_OK; | ||
581 | } | ||
582 | |||
583 | |||
584 | /** | ||
585 | * Handle an incoming message of type | ||
586 | * #GNUNET_MESSAGE_TYPE_RECLAIM_CONSUME_TICKET_RESULT | ||
587 | * | ||
588 | * @param cls | ||
589 | * @param msg the message we received | ||
590 | */ | ||
591 | static void | ||
592 | handle_consume_ticket_result (void *cls, | ||
593 | const struct ConsumeTicketResultMessage *msg) | ||
594 | { | ||
595 | struct GNUNET_CRYPTO_PublicKey identity; | ||
596 | struct GNUNET_RECLAIM_Handle *h = cls; | ||
597 | struct GNUNET_RECLAIM_Operation *op; | ||
598 | size_t attrs_len; | ||
599 | size_t pl_len; | ||
600 | size_t key_len; | ||
601 | size_t read; | ||
602 | uint32_t r_id = ntohl (msg->id); | ||
603 | char *read_ptr; | ||
604 | |||
605 | attrs_len = ntohs (msg->attrs_len); | ||
606 | key_len = ntohs (msg->key_len); | ||
607 | pl_len = ntohs (msg->presentations_len); | ||
608 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Processing ticket result.\n"); | ||
609 | |||
610 | |||
611 | for (op = h->op_head; NULL != op; op = op->next) | ||
612 | if (op->r_id == r_id) | ||
613 | break; | ||
614 | if (NULL == op) | ||
615 | return; | ||
616 | |||
617 | { | ||
618 | struct GNUNET_RECLAIM_AttributeList *attrs; | ||
619 | struct GNUNET_RECLAIM_AttributeListEntry *le; | ||
620 | struct GNUNET_RECLAIM_PresentationList *pl; | ||
621 | struct GNUNET_RECLAIM_PresentationListEntry *ple; | ||
622 | read_ptr = (char *) &msg[1]; | ||
623 | GNUNET_assert (GNUNET_SYSERR != | ||
624 | GNUNET_CRYPTO_read_public_key_from_buffer (read_ptr, | ||
625 | key_len, | ||
626 | &identity, | ||
627 | &read)); | ||
628 | read_ptr += read; | ||
629 | attrs = | ||
630 | GNUNET_RECLAIM_attribute_list_deserialize (read_ptr, attrs_len); | ||
631 | read_ptr += attrs_len; | ||
632 | pl = GNUNET_RECLAIM_presentation_list_deserialize (read_ptr, pl_len); | ||
633 | if (NULL != op->atr_cb) | ||
634 | { | ||
635 | if (NULL == attrs) | ||
636 | { | ||
637 | op->atr_cb (op->cls, &identity, NULL, NULL); | ||
638 | } | ||
639 | else | ||
640 | { | ||
641 | for (le = attrs->list_head; NULL != le; le = le->next) | ||
642 | { | ||
643 | if (GNUNET_NO == | ||
644 | GNUNET_RECLAIM_id_is_zero (&le->attribute->credential)) | ||
645 | { | ||
646 | for (ple = pl->list_head; NULL != ple; ple = ple->next) | ||
647 | { | ||
648 | if (GNUNET_YES == | ||
649 | GNUNET_RECLAIM_id_is_equal (&le->attribute->credential, | ||
650 | &ple->presentation->credential_id)) | ||
651 | { | ||
652 | op->atr_cb (op->cls, &identity, | ||
653 | le->attribute, ple->presentation); | ||
654 | break; | ||
655 | } | ||
656 | |||
657 | } | ||
658 | } | ||
659 | else // No credentials | ||
660 | { | ||
661 | op->atr_cb (op->cls, &identity, | ||
662 | le->attribute, NULL); | ||
663 | } | ||
664 | } | ||
665 | } | ||
666 | op->atr_cb (op->cls, NULL, NULL, NULL); | ||
667 | } | ||
668 | if (NULL != attrs) | ||
669 | GNUNET_RECLAIM_attribute_list_destroy (attrs); | ||
670 | if (NULL != pl) | ||
671 | GNUNET_RECLAIM_presentation_list_destroy (pl); | ||
672 | GNUNET_CONTAINER_DLL_remove (h->op_head, h->op_tail, op); | ||
673 | free_op (op); | ||
674 | return; | ||
675 | } | ||
676 | GNUNET_assert (0); | ||
677 | } | ||
678 | |||
679 | |||
680 | /** | ||
681 | * Handle an incoming message of type | ||
682 | * #GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_RESULT | ||
683 | * | ||
684 | * @param cls | ||
685 | * @param msg the message we received | ||
686 | * @return #GNUNET_OK on success, #GNUNET_SYSERR on error | ||
687 | */ | ||
688 | static int | ||
689 | check_attribute_result (void *cls, const struct AttributeResultMessage *msg) | ||
690 | { | ||
691 | size_t msg_len; | ||
692 | size_t attr_len; | ||
693 | size_t key_len; | ||
694 | |||
695 | msg_len = ntohs (msg->header.size); | ||
696 | attr_len = ntohs (msg->attr_len); | ||
697 | key_len = ntohs (msg->pkey_len); | ||
698 | if (msg_len != sizeof(*msg) + attr_len + key_len) | ||
699 | { | ||
700 | GNUNET_break (0); | ||
701 | return GNUNET_SYSERR; | ||
702 | } | ||
703 | return GNUNET_OK; | ||
704 | } | ||
705 | |||
706 | |||
707 | /** | ||
708 | * Handle an incoming message of type | ||
709 | * #GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_RESULT | ||
710 | * | ||
711 | * @param cls | ||
712 | * @param msg the message we received | ||
713 | */ | ||
714 | static void | ||
715 | handle_attribute_result (void *cls, const struct AttributeResultMessage *msg) | ||
716 | { | ||
717 | static struct GNUNET_CRYPTO_PublicKey identity; | ||
718 | struct GNUNET_RECLAIM_Handle *h = cls; | ||
719 | struct GNUNET_RECLAIM_AttributeIterator *it; | ||
720 | struct GNUNET_RECLAIM_Operation *op; | ||
721 | size_t attr_len; | ||
722 | size_t key_len; | ||
723 | size_t read; | ||
724 | uint32_t r_id = ntohl (msg->id); | ||
725 | char *buf; | ||
726 | |||
727 | attr_len = ntohs (msg->attr_len); | ||
728 | key_len = ntohs (msg->pkey_len); | ||
729 | LOG (GNUNET_ERROR_TYPE_DEBUG, "Processing attribute result.\n"); | ||
730 | |||
731 | for (it = h->it_head; NULL != it; it = it->next) | ||
732 | if (it->r_id == r_id) | ||
733 | break; | ||
734 | for (op = h->op_head; NULL != op; op = op->next) | ||
735 | if (op->r_id == r_id) | ||
736 | break; | ||
737 | if ((NULL == it) && (NULL == op)) | ||
738 | return; | ||
739 | |||
740 | buf = (char *) &msg[1]; | ||
741 | if (0 == key_len) | ||
742 | { | ||
743 | if ((NULL == it) && (NULL == op)) | ||
744 | { | ||
745 | GNUNET_break (0); | ||
746 | force_reconnect (h); | ||
747 | return; | ||
748 | } | ||
749 | if (NULL != it) | ||
750 | { | ||
751 | if (NULL != it->finish_cb) | ||
752 | it->finish_cb (it->finish_cb_cls); | ||
753 | free_it (it); | ||
754 | } | ||
755 | if (NULL != op) | ||
756 | { | ||
757 | if (NULL != op->ar_cb) | ||
758 | op->ar_cb (op->cls, NULL, NULL); | ||
759 | GNUNET_CONTAINER_DLL_remove (h->op_head, h->op_tail, op); | ||
760 | free_op (op); | ||
761 | } | ||
762 | return; | ||
763 | } | ||
764 | |||
765 | { | ||
766 | struct GNUNET_RECLAIM_Attribute *attr; | ||
767 | GNUNET_assert (GNUNET_SYSERR != | ||
768 | GNUNET_CRYPTO_read_public_key_from_buffer (buf, | ||
769 | key_len, | ||
770 | &identity, | ||
771 | &read)); | ||
772 | buf += read; | ||
773 | GNUNET_RECLAIM_attribute_deserialize (buf, attr_len, &attr); | ||
774 | if (NULL != it) | ||
775 | { | ||
776 | if (NULL != it->proc) | ||
777 | it->proc (it->proc_cls, &identity, attr); | ||
778 | } | ||
779 | else if (NULL != op) | ||
780 | { | ||
781 | if (NULL != op->ar_cb) | ||
782 | op->ar_cb (op->cls, &identity, attr); | ||
783 | } | ||
784 | GNUNET_free (attr); | ||
785 | return; | ||
786 | } | ||
787 | GNUNET_assert (0); | ||
788 | } | ||
789 | |||
790 | |||
791 | /** | ||
792 | * Handle an incoming message of type | ||
793 | * #GNUNET_MESSAGE_TYPE_RECLAIM_credential_RESULT | ||
794 | * | ||
795 | * @param cls | ||
796 | * @param msg the message we received | ||
797 | * @return #GNUNET_OK on success, #GNUNET_SYSERR on error | ||
798 | */ | ||
799 | static int | ||
800 | check_credential_result (void *cls, const struct CredentialResultMessage *msg) | ||
801 | { | ||
802 | size_t msg_len; | ||
803 | size_t cred_len; | ||
804 | size_t key_len; | ||
805 | |||
806 | msg_len = ntohs (msg->header.size); | ||
807 | cred_len = ntohs (msg->credential_len); | ||
808 | key_len = ntohs (msg->key_len); | ||
809 | if (msg_len != sizeof(*msg) + cred_len + key_len) | ||
810 | { | ||
811 | GNUNET_break (0); | ||
812 | return GNUNET_SYSERR; | ||
813 | } | ||
814 | return GNUNET_OK; | ||
815 | } | ||
816 | |||
817 | |||
818 | /** | ||
819 | * Handle an incoming message of type | ||
820 | * #GNUNET_MESSAGE_TYPE_RECLAIM_credential_RESULT | ||
821 | * | ||
822 | * @param cls | ||
823 | * @param msg the message we received | ||
824 | */ | ||
825 | static void | ||
826 | handle_credential_result (void *cls, const struct | ||
827 | CredentialResultMessage *msg) | ||
828 | { | ||
829 | struct GNUNET_CRYPTO_PublicKey identity; | ||
830 | struct GNUNET_RECLAIM_Handle *h = cls; | ||
831 | struct GNUNET_RECLAIM_CredentialIterator *it; | ||
832 | struct GNUNET_RECLAIM_Operation *op; | ||
833 | size_t att_len; | ||
834 | size_t key_len; | ||
835 | size_t read; | ||
836 | uint32_t r_id = ntohl (msg->id); | ||
837 | char *buf; | ||
838 | |||
839 | key_len = ntohs (msg->key_len); | ||
840 | att_len = ntohs (msg->credential_len); | ||
841 | LOG (GNUNET_ERROR_TYPE_DEBUG, "Processing credential result.\n"); | ||
842 | |||
843 | |||
844 | for (it = h->ait_head; NULL != it; it = it->next) | ||
845 | if (it->r_id == r_id) | ||
846 | break; | ||
847 | for (op = h->op_head; NULL != op; op = op->next) | ||
848 | if (op->r_id == r_id) | ||
849 | break; | ||
850 | if ((NULL == it) && (NULL == op)) | ||
851 | return; | ||
852 | |||
853 | buf = (char *) &msg[1]; | ||
854 | if (0 < key_len) | ||
855 | { | ||
856 | GNUNET_assert (GNUNET_SYSERR != | ||
857 | GNUNET_CRYPTO_read_public_key_from_buffer (buf, | ||
858 | key_len, | ||
859 | &identity, | ||
860 | &read)); | ||
861 | buf += read; | ||
862 | } | ||
863 | if (0 == key_len) | ||
864 | { | ||
865 | if ((NULL == it) && (NULL == op)) | ||
866 | { | ||
867 | GNUNET_break (0); | ||
868 | force_reconnect (h); | ||
869 | return; | ||
870 | } | ||
871 | if (NULL != it) | ||
872 | { | ||
873 | if (NULL != it->finish_cb) | ||
874 | it->finish_cb (it->finish_cb_cls); | ||
875 | free_ait (it); | ||
876 | } | ||
877 | if (NULL != op) | ||
878 | { | ||
879 | if (NULL != op->at_cb) | ||
880 | op->at_cb (op->cls, NULL, NULL); | ||
881 | GNUNET_CONTAINER_DLL_remove (h->op_head, h->op_tail, op); | ||
882 | free_op (op); | ||
883 | } | ||
884 | return; | ||
885 | } | ||
886 | |||
887 | { | ||
888 | struct GNUNET_RECLAIM_Credential *att; | ||
889 | att = GNUNET_RECLAIM_credential_deserialize (buf, att_len); | ||
890 | |||
891 | if (NULL != it) | ||
892 | { | ||
893 | if (NULL != it->proc) | ||
894 | it->proc (it->proc_cls, &identity, att); | ||
895 | } | ||
896 | else if (NULL != op) | ||
897 | { | ||
898 | if (NULL != op->at_cb) | ||
899 | op->at_cb (op->cls, &identity, att); | ||
900 | } | ||
901 | GNUNET_free (att); | ||
902 | return; | ||
903 | } | ||
904 | GNUNET_assert (0); | ||
905 | } | ||
906 | |||
907 | |||
908 | /** | ||
909 | * Handle an incoming message of type | ||
910 | * #GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_RESULT | ||
911 | * | ||
912 | * @param cls | ||
913 | * @param msg the message we received | ||
914 | * @return #GNUNET_OK on success, #GNUNET_SYSERR on error | ||
915 | */ | ||
916 | static int | ||
917 | check_ticket_result (void *cls, const struct TicketResultMessage *msg) | ||
918 | { | ||
919 | size_t msg_len; | ||
920 | size_t pres_len; | ||
921 | size_t tkt_len; | ||
922 | |||
923 | msg_len = ntohs (msg->header.size); | ||
924 | pres_len = ntohs (msg->presentations_len); | ||
925 | tkt_len = ntohs (msg->tkt_len); | ||
926 | if (msg_len != sizeof(*msg) + pres_len + tkt_len) | ||
927 | { | ||
928 | GNUNET_break (0); | ||
929 | return GNUNET_SYSERR; | ||
930 | } | ||
931 | return GNUNET_OK; | ||
932 | } | ||
933 | |||
934 | |||
935 | /** | ||
936 | * Handle an incoming message of type | ||
937 | * #GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_RESULT | ||
938 | * | ||
939 | * @param cls | ||
940 | * @param msg the message we received | ||
941 | */ | ||
942 | static void | ||
943 | handle_ticket_result (void *cls, const struct TicketResultMessage *msg) | ||
944 | { | ||
945 | struct GNUNET_RECLAIM_Handle *handle = cls; | ||
946 | struct GNUNET_RECLAIM_Operation *op; | ||
947 | struct GNUNET_RECLAIM_TicketIterator *it; | ||
948 | struct GNUNET_RECLAIM_PresentationList *presentation; | ||
949 | uint32_t r_id = ntohl (msg->id); | ||
950 | struct GNUNET_RECLAIM_Ticket ticket; | ||
951 | size_t pres_len; | ||
952 | size_t tkt_len; | ||
953 | size_t tb_read; | ||
954 | char *buf; | ||
955 | |||
956 | tkt_len = ntohs (msg->tkt_len); | ||
957 | pres_len = ntohs (msg->presentations_len); | ||
958 | for (op = handle->op_head; NULL != op; op = op->next) | ||
959 | if (op->r_id == r_id) | ||
960 | break; | ||
961 | for (it = handle->ticket_it_head; NULL != it; it = it->next) | ||
962 | if (it->r_id == r_id) | ||
963 | break; | ||
964 | if ((NULL == op) && (NULL == it)) | ||
965 | return; | ||
966 | buf = (char*) &msg[1]; | ||
967 | GNUNET_assert (GNUNET_SYSERR != | ||
968 | GNUNET_RECLAIM_read_ticket_from_buffer (buf, | ||
969 | tkt_len, | ||
970 | &ticket, | ||
971 | &tb_read)); | ||
972 | buf += tb_read; | ||
973 | if (NULL != op) | ||
974 | { | ||
975 | if (0 < pres_len) | ||
976 | presentation = GNUNET_RECLAIM_presentation_list_deserialize ( | ||
977 | buf, | ||
978 | pres_len); | ||
979 | GNUNET_CONTAINER_DLL_remove (handle->op_head, handle->op_tail, op); | ||
980 | if (0 == tb_read) | ||
981 | { | ||
982 | if (NULL != op->ti_cb) | ||
983 | op->ti_cb (op->cls, NULL, NULL); | ||
984 | } | ||
985 | else | ||
986 | { | ||
987 | if (NULL != op->ti_cb) | ||
988 | op->ti_cb (op->cls, | ||
989 | &ticket, | ||
990 | (0 < pres_len) ? presentation : NULL); | ||
991 | } | ||
992 | if (0 < pres_len) | ||
993 | GNUNET_RECLAIM_presentation_list_destroy (presentation); | ||
994 | free_op (op); | ||
995 | return; | ||
996 | } | ||
997 | else if (NULL != it) | ||
998 | { | ||
999 | if (0 == tkt_len) | ||
1000 | { | ||
1001 | GNUNET_CONTAINER_DLL_remove (handle->ticket_it_head, | ||
1002 | handle->ticket_it_tail, | ||
1003 | it); | ||
1004 | it->finish_cb (it->finish_cb_cls); | ||
1005 | GNUNET_free (it); | ||
1006 | } | ||
1007 | else | ||
1008 | { | ||
1009 | if (NULL != it->tr_cb) | ||
1010 | it->tr_cb (it->cls, &ticket); | ||
1011 | } | ||
1012 | return; | ||
1013 | } | ||
1014 | GNUNET_break (0); | ||
1015 | } | ||
1016 | |||
1017 | |||
1018 | /** | ||
1019 | * Handle an incoming message of type | ||
1020 | * #GNUNET_MESSAGE_TYPE_RECLAIM_REVOKE_TICKET_RESULT | ||
1021 | * | ||
1022 | * @param cls | ||
1023 | * @param msg the message we received | ||
1024 | */ | ||
1025 | static void | ||
1026 | handle_revoke_ticket_result (void *cls, | ||
1027 | const struct RevokeTicketResultMessage *msg) | ||
1028 | { | ||
1029 | struct GNUNET_RECLAIM_Handle *h = cls; | ||
1030 | struct GNUNET_RECLAIM_Operation *op; | ||
1031 | uint32_t r_id = ntohl (msg->id); | ||
1032 | int32_t success; | ||
1033 | |||
1034 | LOG (GNUNET_ERROR_TYPE_DEBUG, "Processing revocation result.\n"); | ||
1035 | |||
1036 | |||
1037 | for (op = h->op_head; NULL != op; op = op->next) | ||
1038 | if (op->r_id == r_id) | ||
1039 | break; | ||
1040 | if (NULL == op) | ||
1041 | return; | ||
1042 | success = ntohl (msg->success); | ||
1043 | { | ||
1044 | if (NULL != op->rvk_cb) | ||
1045 | { | ||
1046 | op->rvk_cb (op->cls, success, NULL); | ||
1047 | } | ||
1048 | GNUNET_CONTAINER_DLL_remove (h->op_head, h->op_tail, op); | ||
1049 | free_op (op); | ||
1050 | return; | ||
1051 | } | ||
1052 | GNUNET_assert (0); | ||
1053 | } | ||
1054 | |||
1055 | |||
1056 | /** | ||
1057 | * Try again to connect to the service. | ||
1058 | * | ||
1059 | * @param h handle to the reclaim service. | ||
1060 | */ | ||
1061 | static void | ||
1062 | reconnect (struct GNUNET_RECLAIM_Handle *h) | ||
1063 | { | ||
1064 | struct GNUNET_MQ_MessageHandler handlers[] = | ||
1065 | { GNUNET_MQ_hd_fixed_size (success_response, | ||
1066 | GNUNET_MESSAGE_TYPE_RECLAIM_SUCCESS_RESPONSE, | ||
1067 | struct SuccessResultMessage, | ||
1068 | h), | ||
1069 | GNUNET_MQ_hd_var_size (attribute_result, | ||
1070 | GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_RESULT, | ||
1071 | struct AttributeResultMessage, | ||
1072 | h), | ||
1073 | GNUNET_MQ_hd_var_size (credential_result, | ||
1074 | GNUNET_MESSAGE_TYPE_RECLAIM_CREDENTIAL_RESULT, | ||
1075 | struct CredentialResultMessage, | ||
1076 | h), | ||
1077 | GNUNET_MQ_hd_var_size (ticket_result, | ||
1078 | GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_RESULT, | ||
1079 | struct TicketResultMessage, | ||
1080 | h), | ||
1081 | GNUNET_MQ_hd_var_size (consume_ticket_result, | ||
1082 | GNUNET_MESSAGE_TYPE_RECLAIM_CONSUME_TICKET_RESULT, | ||
1083 | struct ConsumeTicketResultMessage, | ||
1084 | h), | ||
1085 | GNUNET_MQ_hd_fixed_size (revoke_ticket_result, | ||
1086 | GNUNET_MESSAGE_TYPE_RECLAIM_REVOKE_TICKET_RESULT, | ||
1087 | struct RevokeTicketResultMessage, | ||
1088 | h), | ||
1089 | GNUNET_MQ_handler_end () }; | ||
1090 | struct GNUNET_RECLAIM_Operation *op; | ||
1091 | |||
1092 | GNUNET_assert (NULL == h->mq); | ||
1093 | LOG (GNUNET_ERROR_TYPE_DEBUG, "Connecting to reclaim service.\n"); | ||
1094 | |||
1095 | h->mq = | ||
1096 | GNUNET_CLIENT_connect (h->cfg, "reclaim", handlers, &mq_error_handler, h); | ||
1097 | if (NULL == h->mq) | ||
1098 | return; | ||
1099 | for (op = h->op_head; NULL != op; op = op->next) | ||
1100 | GNUNET_MQ_send_copy (h->mq, op->env); | ||
1101 | } | ||
1102 | |||
1103 | |||
1104 | /** | ||
1105 | * Connect to the reclaim service. | ||
1106 | * | ||
1107 | * @param cfg the configuration to use | ||
1108 | * @return handle to use | ||
1109 | */ | ||
1110 | struct GNUNET_RECLAIM_Handle * | ||
1111 | GNUNET_RECLAIM_connect (const struct GNUNET_CONFIGURATION_Handle *cfg) | ||
1112 | { | ||
1113 | struct GNUNET_RECLAIM_Handle *h; | ||
1114 | |||
1115 | h = GNUNET_new (struct GNUNET_RECLAIM_Handle); | ||
1116 | h->cfg = cfg; | ||
1117 | reconnect (h); | ||
1118 | if (NULL == h->mq) | ||
1119 | { | ||
1120 | GNUNET_free (h); | ||
1121 | return NULL; | ||
1122 | } | ||
1123 | return h; | ||
1124 | } | ||
1125 | |||
1126 | |||
1127 | void | ||
1128 | GNUNET_RECLAIM_cancel (struct GNUNET_RECLAIM_Operation *op) | ||
1129 | { | ||
1130 | struct GNUNET_RECLAIM_Handle *h = op->h; | ||
1131 | |||
1132 | GNUNET_CONTAINER_DLL_remove (h->op_head, h->op_tail, op); | ||
1133 | free_op (op); | ||
1134 | } | ||
1135 | |||
1136 | |||
1137 | /** | ||
1138 | * Disconnect from service | ||
1139 | * | ||
1140 | * @param h handle to destroy | ||
1141 | */ | ||
1142 | void | ||
1143 | GNUNET_RECLAIM_disconnect (struct GNUNET_RECLAIM_Handle *h) | ||
1144 | { | ||
1145 | GNUNET_assert (NULL != h); | ||
1146 | if (NULL != h->mq) | ||
1147 | { | ||
1148 | GNUNET_MQ_destroy (h->mq); | ||
1149 | h->mq = NULL; | ||
1150 | } | ||
1151 | if (NULL != h->reconnect_task) | ||
1152 | { | ||
1153 | GNUNET_SCHEDULER_cancel (h->reconnect_task); | ||
1154 | h->reconnect_task = NULL; | ||
1155 | } | ||
1156 | GNUNET_assert (NULL == h->op_head); | ||
1157 | GNUNET_free (h); | ||
1158 | } | ||
1159 | |||
1160 | |||
1161 | struct GNUNET_RECLAIM_Operation * | ||
1162 | GNUNET_RECLAIM_attribute_store ( | ||
1163 | struct GNUNET_RECLAIM_Handle *h, | ||
1164 | const struct GNUNET_CRYPTO_PrivateKey *pkey, | ||
1165 | const struct GNUNET_RECLAIM_Attribute *attr, | ||
1166 | const struct GNUNET_TIME_Relative *exp_interval, | ||
1167 | GNUNET_RECLAIM_ContinuationWithStatus cont, | ||
1168 | void *cont_cls) | ||
1169 | { | ||
1170 | struct GNUNET_RECLAIM_Operation *op; | ||
1171 | struct AttributeStoreMessage *sam; | ||
1172 | size_t attr_len; | ||
1173 | size_t key_len; | ||
1174 | ssize_t written; | ||
1175 | char *buf; | ||
1176 | |||
1177 | op = GNUNET_new (struct GNUNET_RECLAIM_Operation); | ||
1178 | op->h = h; | ||
1179 | op->as_cb = cont; | ||
1180 | op->cls = cont_cls; | ||
1181 | op->r_id = h->r_id_gen++; | ||
1182 | GNUNET_CONTAINER_DLL_insert_tail (h->op_head, h->op_tail, op); | ||
1183 | key_len = GNUNET_CRYPTO_private_key_get_length (pkey); | ||
1184 | attr_len = GNUNET_RECLAIM_attribute_serialize_get_size (attr); | ||
1185 | op->env = GNUNET_MQ_msg_extra (sam, | ||
1186 | attr_len + key_len, | ||
1187 | GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_STORE); | ||
1188 | sam->key_len = htons (key_len); | ||
1189 | buf = (char *) &sam[1]; | ||
1190 | written = GNUNET_CRYPTO_write_private_key_to_buffer (pkey, buf, key_len); | ||
1191 | GNUNET_assert (0 < written); | ||
1192 | buf += written; | ||
1193 | sam->id = htonl (op->r_id); | ||
1194 | sam->exp = GNUNET_htonll (exp_interval->rel_value_us); | ||
1195 | |||
1196 | GNUNET_RECLAIM_attribute_serialize (attr, buf); | ||
1197 | |||
1198 | sam->attr_len = htons (attr_len); | ||
1199 | if (NULL != h->mq) | ||
1200 | GNUNET_MQ_send_copy (h->mq, op->env); | ||
1201 | return op; | ||
1202 | } | ||
1203 | |||
1204 | |||
1205 | struct GNUNET_RECLAIM_Operation * | ||
1206 | GNUNET_RECLAIM_attribute_delete ( | ||
1207 | struct GNUNET_RECLAIM_Handle *h, | ||
1208 | const struct GNUNET_CRYPTO_PrivateKey *pkey, | ||
1209 | const struct GNUNET_RECLAIM_Attribute *attr, | ||
1210 | GNUNET_RECLAIM_ContinuationWithStatus cont, | ||
1211 | void *cont_cls) | ||
1212 | { | ||
1213 | struct GNUNET_RECLAIM_Operation *op; | ||
1214 | struct AttributeDeleteMessage *dam; | ||
1215 | size_t attr_len; | ||
1216 | size_t key_len; | ||
1217 | ssize_t written; | ||
1218 | char *buf; | ||
1219 | |||
1220 | op = GNUNET_new (struct GNUNET_RECLAIM_Operation); | ||
1221 | op->h = h; | ||
1222 | op->as_cb = cont; | ||
1223 | op->cls = cont_cls; | ||
1224 | op->r_id = h->r_id_gen++; | ||
1225 | GNUNET_CONTAINER_DLL_insert_tail (h->op_head, h->op_tail, op); | ||
1226 | key_len = GNUNET_CRYPTO_private_key_get_length (pkey); | ||
1227 | attr_len = GNUNET_RECLAIM_attribute_serialize_get_size (attr); | ||
1228 | op->env = GNUNET_MQ_msg_extra (dam, | ||
1229 | attr_len + key_len, | ||
1230 | GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_DELETE); | ||
1231 | dam->key_len = htons (key_len); | ||
1232 | buf = (char *) &dam[1]; | ||
1233 | written = GNUNET_CRYPTO_write_private_key_to_buffer (pkey, buf, key_len); | ||
1234 | GNUNET_assert (0 < written); | ||
1235 | buf += written; | ||
1236 | dam->id = htonl (op->r_id); | ||
1237 | GNUNET_RECLAIM_attribute_serialize (attr, buf); | ||
1238 | |||
1239 | dam->attr_len = htons (attr_len); | ||
1240 | if (NULL != h->mq) | ||
1241 | GNUNET_MQ_send_copy (h->mq, op->env); | ||
1242 | return op; | ||
1243 | } | ||
1244 | |||
1245 | |||
1246 | struct GNUNET_RECLAIM_Operation * | ||
1247 | GNUNET_RECLAIM_credential_store ( | ||
1248 | struct GNUNET_RECLAIM_Handle *h, | ||
1249 | const struct GNUNET_CRYPTO_PrivateKey *pkey, | ||
1250 | const struct GNUNET_RECLAIM_Credential *credential, | ||
1251 | const struct GNUNET_TIME_Relative *exp_interval, | ||
1252 | GNUNET_RECLAIM_ContinuationWithStatus cont, | ||
1253 | void *cont_cls) | ||
1254 | { | ||
1255 | struct GNUNET_RECLAIM_Operation *op; | ||
1256 | struct AttributeStoreMessage *sam; | ||
1257 | size_t attr_len; | ||
1258 | size_t key_len; | ||
1259 | ssize_t written; | ||
1260 | char *buf; | ||
1261 | |||
1262 | op = GNUNET_new (struct GNUNET_RECLAIM_Operation); | ||
1263 | op->h = h; | ||
1264 | op->as_cb = cont; | ||
1265 | op->cls = cont_cls; | ||
1266 | op->r_id = h->r_id_gen++; | ||
1267 | key_len = GNUNET_CRYPTO_private_key_get_length (pkey); | ||
1268 | GNUNET_CONTAINER_DLL_insert_tail (h->op_head, h->op_tail, op); | ||
1269 | attr_len = GNUNET_RECLAIM_credential_serialize_get_size (credential); | ||
1270 | op->env = GNUNET_MQ_msg_extra (sam, | ||
1271 | attr_len + key_len, | ||
1272 | GNUNET_MESSAGE_TYPE_RECLAIM_CREDENTIAL_STORE); | ||
1273 | sam->key_len = htons (key_len); | ||
1274 | buf = (char *) &sam[1]; | ||
1275 | written = GNUNET_CRYPTO_write_private_key_to_buffer (pkey, buf, key_len); | ||
1276 | GNUNET_assert (0 <= written); | ||
1277 | buf += written; | ||
1278 | sam->id = htonl (op->r_id); | ||
1279 | sam->exp = GNUNET_htonll (exp_interval->rel_value_us); | ||
1280 | |||
1281 | GNUNET_RECLAIM_credential_serialize (credential, buf); | ||
1282 | |||
1283 | sam->attr_len = htons (attr_len); | ||
1284 | if (NULL != h->mq) | ||
1285 | GNUNET_MQ_send_copy (h->mq, op->env); | ||
1286 | return op; | ||
1287 | } | ||
1288 | |||
1289 | |||
1290 | struct GNUNET_RECLAIM_Operation * | ||
1291 | GNUNET_RECLAIM_credential_delete ( | ||
1292 | struct GNUNET_RECLAIM_Handle *h, | ||
1293 | const struct GNUNET_CRYPTO_PrivateKey *pkey, | ||
1294 | const struct GNUNET_RECLAIM_Credential *attr, | ||
1295 | GNUNET_RECLAIM_ContinuationWithStatus cont, | ||
1296 | void *cont_cls) | ||
1297 | { | ||
1298 | struct GNUNET_RECLAIM_Operation *op; | ||
1299 | struct AttributeDeleteMessage *dam; | ||
1300 | size_t attr_len; | ||
1301 | size_t key_len; | ||
1302 | ssize_t written; | ||
1303 | char *buf; | ||
1304 | |||
1305 | op = GNUNET_new (struct GNUNET_RECLAIM_Operation); | ||
1306 | op->h = h; | ||
1307 | op->as_cb = cont; | ||
1308 | op->cls = cont_cls; | ||
1309 | op->r_id = h->r_id_gen++; | ||
1310 | key_len = GNUNET_CRYPTO_private_key_get_length (pkey); | ||
1311 | GNUNET_CONTAINER_DLL_insert_tail (h->op_head, h->op_tail, op); | ||
1312 | attr_len = GNUNET_RECLAIM_credential_serialize_get_size (attr); | ||
1313 | op->env = GNUNET_MQ_msg_extra (dam, | ||
1314 | attr_len + key_len, | ||
1315 | GNUNET_MESSAGE_TYPE_RECLAIM_CREDENTIAL_DELETE); | ||
1316 | dam->key_len = htons (key_len); | ||
1317 | buf = (char *) &dam[1]; | ||
1318 | written = GNUNET_CRYPTO_write_private_key_to_buffer (pkey, buf, key_len); | ||
1319 | GNUNET_assert (0 <= written); | ||
1320 | buf += written; | ||
1321 | dam->id = htonl (op->r_id); | ||
1322 | GNUNET_RECLAIM_credential_serialize (attr, buf); | ||
1323 | |||
1324 | dam->attr_len = htons (attr_len); | ||
1325 | if (NULL != h->mq) | ||
1326 | GNUNET_MQ_send_copy (h->mq, op->env); | ||
1327 | return op; | ||
1328 | } | ||
1329 | |||
1330 | |||
1331 | struct GNUNET_RECLAIM_AttributeIterator * | ||
1332 | GNUNET_RECLAIM_get_attributes_start ( | ||
1333 | struct GNUNET_RECLAIM_Handle *h, | ||
1334 | const struct GNUNET_CRYPTO_PrivateKey *identity, | ||
1335 | GNUNET_SCHEDULER_TaskCallback error_cb, | ||
1336 | void *error_cb_cls, | ||
1337 | GNUNET_RECLAIM_AttributeResult proc, | ||
1338 | void *proc_cls, | ||
1339 | GNUNET_SCHEDULER_TaskCallback finish_cb, | ||
1340 | void *finish_cb_cls) | ||
1341 | { | ||
1342 | struct GNUNET_RECLAIM_AttributeIterator *it; | ||
1343 | struct GNUNET_MQ_Envelope *env; | ||
1344 | struct AttributeIterationStartMessage *msg; | ||
1345 | uint32_t rid; | ||
1346 | size_t key_len; | ||
1347 | |||
1348 | rid = h->r_id_gen++; | ||
1349 | it = GNUNET_new (struct GNUNET_RECLAIM_AttributeIterator); | ||
1350 | it->h = h; | ||
1351 | it->error_cb = error_cb; | ||
1352 | it->error_cb_cls = error_cb_cls; | ||
1353 | it->finish_cb = finish_cb; | ||
1354 | it->finish_cb_cls = finish_cb_cls; | ||
1355 | it->proc = proc; | ||
1356 | it->proc_cls = proc_cls; | ||
1357 | it->r_id = rid; | ||
1358 | it->identity = *identity; | ||
1359 | key_len = GNUNET_CRYPTO_private_key_get_length (identity); | ||
1360 | GNUNET_CONTAINER_DLL_insert_tail (h->it_head, h->it_tail, it); | ||
1361 | env = | ||
1362 | GNUNET_MQ_msg_extra (msg, | ||
1363 | key_len, | ||
1364 | GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_START); | ||
1365 | msg->id = htonl (rid); | ||
1366 | msg->key_len = htons (key_len); | ||
1367 | GNUNET_CRYPTO_write_private_key_to_buffer (identity, &msg[1], key_len); | ||
1368 | if (NULL == h->mq) | ||
1369 | it->env = env; | ||
1370 | else | ||
1371 | GNUNET_MQ_send (h->mq, env); | ||
1372 | return it; | ||
1373 | } | ||
1374 | |||
1375 | |||
1376 | void | ||
1377 | GNUNET_RECLAIM_get_attributes_next (struct GNUNET_RECLAIM_AttributeIterator *it) | ||
1378 | { | ||
1379 | struct GNUNET_RECLAIM_Handle *h = it->h; | ||
1380 | struct AttributeIterationNextMessage *msg; | ||
1381 | struct GNUNET_MQ_Envelope *env; | ||
1382 | |||
1383 | env = | ||
1384 | GNUNET_MQ_msg (msg, GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_NEXT); | ||
1385 | msg->id = htonl (it->r_id); | ||
1386 | GNUNET_MQ_send (h->mq, env); | ||
1387 | } | ||
1388 | |||
1389 | |||
1390 | void | ||
1391 | GNUNET_RECLAIM_get_attributes_stop (struct GNUNET_RECLAIM_AttributeIterator *it) | ||
1392 | { | ||
1393 | struct GNUNET_RECLAIM_Handle *h = it->h; | ||
1394 | struct GNUNET_MQ_Envelope *env; | ||
1395 | struct AttributeIterationStopMessage *msg; | ||
1396 | |||
1397 | if (NULL != h->mq) | ||
1398 | { | ||
1399 | env = | ||
1400 | GNUNET_MQ_msg (msg, GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_STOP); | ||
1401 | msg->id = htonl (it->r_id); | ||
1402 | GNUNET_MQ_send (h->mq, env); | ||
1403 | } | ||
1404 | free_it (it); | ||
1405 | } | ||
1406 | |||
1407 | |||
1408 | struct GNUNET_RECLAIM_CredentialIterator * | ||
1409 | GNUNET_RECLAIM_get_credentials_start ( | ||
1410 | struct GNUNET_RECLAIM_Handle *h, | ||
1411 | const struct GNUNET_CRYPTO_PrivateKey *identity, | ||
1412 | GNUNET_SCHEDULER_TaskCallback error_cb, | ||
1413 | void *error_cb_cls, | ||
1414 | GNUNET_RECLAIM_CredentialResult proc, | ||
1415 | void *proc_cls, | ||
1416 | GNUNET_SCHEDULER_TaskCallback finish_cb, | ||
1417 | void *finish_cb_cls) | ||
1418 | { | ||
1419 | struct GNUNET_RECLAIM_CredentialIterator *ait; | ||
1420 | struct GNUNET_MQ_Envelope *env; | ||
1421 | struct CredentialIterationStartMessage *msg; | ||
1422 | uint32_t rid; | ||
1423 | size_t key_len; | ||
1424 | |||
1425 | rid = h->r_id_gen++; | ||
1426 | ait = GNUNET_new (struct GNUNET_RECLAIM_CredentialIterator); | ||
1427 | ait->h = h; | ||
1428 | ait->error_cb = error_cb; | ||
1429 | ait->error_cb_cls = error_cb_cls; | ||
1430 | ait->finish_cb = finish_cb; | ||
1431 | ait->finish_cb_cls = finish_cb_cls; | ||
1432 | ait->proc = proc; | ||
1433 | ait->proc_cls = proc_cls; | ||
1434 | ait->r_id = rid; | ||
1435 | ait->identity = *identity; | ||
1436 | key_len = GNUNET_CRYPTO_private_key_get_length (identity); | ||
1437 | GNUNET_CONTAINER_DLL_insert_tail (h->ait_head, h->ait_tail, ait); | ||
1438 | env = | ||
1439 | GNUNET_MQ_msg_extra (msg, | ||
1440 | key_len, | ||
1441 | GNUNET_MESSAGE_TYPE_RECLAIM_CREDENTIAL_ITERATION_START); | ||
1442 | msg->id = htonl (rid); | ||
1443 | msg->key_len = htons (key_len); | ||
1444 | GNUNET_CRYPTO_write_private_key_to_buffer (identity, &msg[1], key_len); | ||
1445 | if (NULL == h->mq) | ||
1446 | ait->env = env; | ||
1447 | else | ||
1448 | GNUNET_MQ_send (h->mq, env); | ||
1449 | return ait; | ||
1450 | } | ||
1451 | |||
1452 | |||
1453 | void | ||
1454 | GNUNET_RECLAIM_get_credentials_next (struct | ||
1455 | GNUNET_RECLAIM_CredentialIterator *ait) | ||
1456 | { | ||
1457 | struct GNUNET_RECLAIM_Handle *h = ait->h; | ||
1458 | struct CredentialIterationNextMessage *msg; | ||
1459 | struct GNUNET_MQ_Envelope *env; | ||
1460 | |||
1461 | env = | ||
1462 | GNUNET_MQ_msg (msg, GNUNET_MESSAGE_TYPE_RECLAIM_CREDENTIAL_ITERATION_NEXT); | ||
1463 | msg->id = htonl (ait->r_id); | ||
1464 | GNUNET_MQ_send (h->mq, env); | ||
1465 | } | ||
1466 | |||
1467 | |||
1468 | void | ||
1469 | GNUNET_RECLAIM_get_credentials_stop (struct | ||
1470 | GNUNET_RECLAIM_CredentialIterator *ait) | ||
1471 | { | ||
1472 | struct GNUNET_RECLAIM_Handle *h = ait->h; | ||
1473 | struct GNUNET_MQ_Envelope *env; | ||
1474 | struct CredentialIterationStopMessage *msg; | ||
1475 | |||
1476 | if (NULL != h->mq) | ||
1477 | { | ||
1478 | env = | ||
1479 | GNUNET_MQ_msg (msg, | ||
1480 | GNUNET_MESSAGE_TYPE_RECLAIM_CREDENTIAL_ITERATION_STOP); | ||
1481 | msg->id = htonl (ait->r_id); | ||
1482 | GNUNET_MQ_send (h->mq, env); | ||
1483 | } | ||
1484 | free_ait (ait); | ||
1485 | } | ||
1486 | |||
1487 | |||
1488 | struct GNUNET_RECLAIM_Operation * | ||
1489 | GNUNET_RECLAIM_ticket_issue ( | ||
1490 | struct GNUNET_RECLAIM_Handle *h, | ||
1491 | const struct GNUNET_CRYPTO_PrivateKey *iss, | ||
1492 | const struct GNUNET_CRYPTO_PublicKey *rp, | ||
1493 | const struct GNUNET_RECLAIM_AttributeList *attrs, | ||
1494 | GNUNET_RECLAIM_IssueTicketCallback cb, | ||
1495 | void *cb_cls) | ||
1496 | { | ||
1497 | struct GNUNET_RECLAIM_Operation *op; | ||
1498 | struct IssueTicketMessage *tim; | ||
1499 | size_t attr_len; | ||
1500 | size_t key_len; | ||
1501 | size_t rpk_len; | ||
1502 | ssize_t written; | ||
1503 | char *buf; | ||
1504 | |||
1505 | op = GNUNET_new (struct GNUNET_RECLAIM_Operation); | ||
1506 | op->h = h; | ||
1507 | op->ti_cb = cb; | ||
1508 | op->cls = cb_cls; | ||
1509 | op->r_id = h->r_id_gen++; | ||
1510 | key_len = GNUNET_CRYPTO_private_key_get_length (iss); | ||
1511 | rpk_len = GNUNET_CRYPTO_public_key_get_length (rp); | ||
1512 | GNUNET_CONTAINER_DLL_insert_tail (h->op_head, h->op_tail, op); | ||
1513 | attr_len = GNUNET_RECLAIM_attribute_list_serialize_get_size (attrs); | ||
1514 | op->env = GNUNET_MQ_msg_extra (tim, | ||
1515 | attr_len + key_len + rpk_len, | ||
1516 | GNUNET_MESSAGE_TYPE_RECLAIM_ISSUE_TICKET); | ||
1517 | tim->key_len = htons (key_len); | ||
1518 | tim->pkey_len = htons (rpk_len); | ||
1519 | buf = (char *) &tim[1]; | ||
1520 | written = GNUNET_CRYPTO_write_private_key_to_buffer (iss, buf, key_len); | ||
1521 | GNUNET_assert (0 <= written); | ||
1522 | buf += written; | ||
1523 | written = GNUNET_CRYPTO_write_public_key_to_buffer (rp, buf, rpk_len); | ||
1524 | GNUNET_assert (0 <= written); | ||
1525 | buf += written; | ||
1526 | tim->id = htonl (op->r_id); | ||
1527 | |||
1528 | GNUNET_RECLAIM_attribute_list_serialize (attrs, buf); | ||
1529 | tim->attr_len = htons (attr_len); | ||
1530 | if (NULL != h->mq) | ||
1531 | GNUNET_MQ_send_copy (h->mq, op->env); | ||
1532 | return op; | ||
1533 | } | ||
1534 | |||
1535 | |||
1536 | /** | ||
1537 | * Consumes an issued ticket. The ticket is persisted | ||
1538 | * and used to retrieve identity information from the issuer | ||
1539 | * | ||
1540 | * @param h the reclaim to use | ||
1541 | * @param identity the identity that is the subject of the issued ticket (the | ||
1542 | * relying party) | ||
1543 | * @param ticket the issued ticket to consume | ||
1544 | * @param cb the callback to call | ||
1545 | * @param cb_cls the callback closure | ||
1546 | * @return handle to abort the operation | ||
1547 | */ | ||
1548 | struct GNUNET_RECLAIM_Operation * | ||
1549 | GNUNET_RECLAIM_ticket_consume ( | ||
1550 | struct GNUNET_RECLAIM_Handle *h, | ||
1551 | const struct GNUNET_CRYPTO_PrivateKey *identity, | ||
1552 | const struct GNUNET_RECLAIM_Ticket *ticket, | ||
1553 | GNUNET_RECLAIM_AttributeTicketResult cb, | ||
1554 | void *cb_cls) | ||
1555 | { | ||
1556 | struct GNUNET_RECLAIM_Operation *op; | ||
1557 | struct ConsumeTicketMessage *ctm; | ||
1558 | size_t key_len; | ||
1559 | size_t tkt_len; | ||
1560 | char *buf; | ||
1561 | |||
1562 | op = GNUNET_new (struct GNUNET_RECLAIM_Operation); | ||
1563 | op->h = h; | ||
1564 | op->atr_cb = cb; | ||
1565 | op->cls = cb_cls; | ||
1566 | op->r_id = h->r_id_gen++; | ||
1567 | key_len = GNUNET_CRYPTO_private_key_get_length (identity); | ||
1568 | tkt_len = GNUNET_RECLAIM_ticket_serialize_get_size (ticket); | ||
1569 | GNUNET_CONTAINER_DLL_insert_tail (h->op_head, h->op_tail, op); | ||
1570 | op->env = GNUNET_MQ_msg_extra (ctm, | ||
1571 | key_len + tkt_len, | ||
1572 | GNUNET_MESSAGE_TYPE_RECLAIM_CONSUME_TICKET); | ||
1573 | ctm->key_len = htons (key_len); | ||
1574 | buf = (char*) &ctm[1]; | ||
1575 | GNUNET_CRYPTO_write_private_key_to_buffer (identity, buf, key_len); | ||
1576 | buf += key_len; | ||
1577 | ctm->tkt_len = htons (tkt_len); | ||
1578 | GNUNET_RECLAIM_write_ticket_to_buffer (ticket, buf, tkt_len); | ||
1579 | ctm->id = htonl (op->r_id); | ||
1580 | if (NULL != h->mq) | ||
1581 | GNUNET_MQ_send_copy (h->mq, op->env); | ||
1582 | else | ||
1583 | reconnect (h); | ||
1584 | return op; | ||
1585 | } | ||
1586 | |||
1587 | |||
1588 | struct GNUNET_RECLAIM_TicketIterator * | ||
1589 | GNUNET_RECLAIM_ticket_iteration_start ( | ||
1590 | struct GNUNET_RECLAIM_Handle *h, | ||
1591 | const struct GNUNET_CRYPTO_PrivateKey *identity, | ||
1592 | GNUNET_SCHEDULER_TaskCallback error_cb, | ||
1593 | void *error_cb_cls, | ||
1594 | GNUNET_RECLAIM_TicketCallback proc, | ||
1595 | void *proc_cls, | ||
1596 | GNUNET_SCHEDULER_TaskCallback finish_cb, | ||
1597 | void *finish_cb_cls) | ||
1598 | { | ||
1599 | struct GNUNET_RECLAIM_TicketIterator *it; | ||
1600 | struct GNUNET_MQ_Envelope *env; | ||
1601 | struct TicketIterationStartMessage *msg; | ||
1602 | uint32_t rid; | ||
1603 | size_t key_len; | ||
1604 | |||
1605 | rid = h->r_id_gen++; | ||
1606 | it = GNUNET_new (struct GNUNET_RECLAIM_TicketIterator); | ||
1607 | it->h = h; | ||
1608 | it->error_cb = error_cb; | ||
1609 | it->error_cb_cls = error_cb_cls; | ||
1610 | it->finish_cb = finish_cb; | ||
1611 | it->finish_cb_cls = finish_cb_cls; | ||
1612 | it->tr_cb = proc; | ||
1613 | it->cls = proc_cls; | ||
1614 | it->r_id = rid; | ||
1615 | |||
1616 | key_len = GNUNET_CRYPTO_private_key_get_length (identity); | ||
1617 | GNUNET_CONTAINER_DLL_insert_tail (h->ticket_it_head, h->ticket_it_tail, it); | ||
1618 | env = GNUNET_MQ_msg_extra (msg, | ||
1619 | key_len, | ||
1620 | GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_START); | ||
1621 | msg->id = htonl (rid); | ||
1622 | msg->key_len = htons (key_len); | ||
1623 | GNUNET_CRYPTO_write_private_key_to_buffer (identity, | ||
1624 | &msg[1], | ||
1625 | key_len); | ||
1626 | if (NULL == h->mq) | ||
1627 | it->env = env; | ||
1628 | else | ||
1629 | GNUNET_MQ_send (h->mq, env); | ||
1630 | return it; | ||
1631 | } | ||
1632 | |||
1633 | |||
1634 | /** | ||
1635 | * Calls the ticket processor specified in | ||
1636 | * #GNUNET_RECLAIM_ticket_iteration_start for the next record. | ||
1637 | * | ||
1638 | * @param it the iterator | ||
1639 | */ | ||
1640 | void | ||
1641 | GNUNET_RECLAIM_ticket_iteration_next (struct GNUNET_RECLAIM_TicketIterator *it) | ||
1642 | { | ||
1643 | struct GNUNET_RECLAIM_Handle *h = it->h; | ||
1644 | struct TicketIterationNextMessage *msg; | ||
1645 | struct GNUNET_MQ_Envelope *env; | ||
1646 | |||
1647 | env = GNUNET_MQ_msg (msg, GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_NEXT); | ||
1648 | msg->id = htonl (it->r_id); | ||
1649 | GNUNET_MQ_send (h->mq, env); | ||
1650 | } | ||
1651 | |||
1652 | |||
1653 | /** | ||
1654 | * Stops iteration and releases the handle for further calls. Must | ||
1655 | * be called on any iteration that has not yet completed prior to calling | ||
1656 | * #GNUNET_RECLAIM_disconnect. | ||
1657 | * | ||
1658 | * @param it the iterator | ||
1659 | */ | ||
1660 | void | ||
1661 | GNUNET_RECLAIM_ticket_iteration_stop (struct GNUNET_RECLAIM_TicketIterator *it) | ||
1662 | { | ||
1663 | struct GNUNET_RECLAIM_Handle *h = it->h; | ||
1664 | struct GNUNET_MQ_Envelope *env; | ||
1665 | struct TicketIterationStopMessage *msg; | ||
1666 | |||
1667 | if (NULL != h->mq) | ||
1668 | { | ||
1669 | env = | ||
1670 | GNUNET_MQ_msg (msg, GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_STOP); | ||
1671 | msg->id = htonl (it->r_id); | ||
1672 | GNUNET_MQ_send (h->mq, env); | ||
1673 | } | ||
1674 | GNUNET_free (it); | ||
1675 | } | ||
1676 | |||
1677 | |||
1678 | /** | ||
1679 | * Revoked an issued ticket. The relying party will be unable to retrieve | ||
1680 | * attributes. Other issued tickets remain unaffected. | ||
1681 | * This includes tickets issued to other relying parties as well as to | ||
1682 | * other tickets issued to the audience specified in this ticket. | ||
1683 | * | ||
1684 | * @param h the identity provider to use | ||
1685 | * @param identity the issuing identity | ||
1686 | * @param ticket the ticket to revoke | ||
1687 | * @param cb the callback | ||
1688 | * @param cb_cls the callback closure | ||
1689 | * @return handle to abort the operation | ||
1690 | */ | ||
1691 | struct GNUNET_RECLAIM_Operation * | ||
1692 | GNUNET_RECLAIM_ticket_revoke ( | ||
1693 | struct GNUNET_RECLAIM_Handle *h, | ||
1694 | const struct GNUNET_CRYPTO_PrivateKey *identity, | ||
1695 | const struct GNUNET_RECLAIM_Ticket *ticket, | ||
1696 | GNUNET_RECLAIM_ContinuationWithStatus cb, | ||
1697 | void *cb_cls) | ||
1698 | { | ||
1699 | struct GNUNET_RECLAIM_Operation *op; | ||
1700 | struct RevokeTicketMessage *msg; | ||
1701 | uint32_t rid; | ||
1702 | size_t key_len; | ||
1703 | size_t tkt_len; | ||
1704 | ssize_t written; | ||
1705 | char *buf; | ||
1706 | |||
1707 | rid = h->r_id_gen++; | ||
1708 | op = GNUNET_new (struct GNUNET_RECLAIM_Operation); | ||
1709 | op->h = h; | ||
1710 | op->rvk_cb = cb; | ||
1711 | op->cls = cb_cls; | ||
1712 | op->r_id = rid; | ||
1713 | GNUNET_CONTAINER_DLL_insert_tail (h->op_head, h->op_tail, op); | ||
1714 | key_len = GNUNET_CRYPTO_private_key_get_length (identity); | ||
1715 | tkt_len = GNUNET_RECLAIM_ticket_serialize_get_size (ticket); | ||
1716 | op->env = GNUNET_MQ_msg_extra (msg, | ||
1717 | key_len + tkt_len, | ||
1718 | GNUNET_MESSAGE_TYPE_RECLAIM_REVOKE_TICKET); | ||
1719 | msg->id = htonl (rid); | ||
1720 | msg->key_len = htons (key_len); | ||
1721 | msg->tkt_len = htons (tkt_len); | ||
1722 | buf = (char*) &msg[1]; | ||
1723 | written = GNUNET_CRYPTO_write_private_key_to_buffer (identity, | ||
1724 | buf, | ||
1725 | key_len); | ||
1726 | GNUNET_assert (0 <= written); | ||
1727 | buf += written; | ||
1728 | GNUNET_RECLAIM_write_ticket_to_buffer (ticket, | ||
1729 | buf, | ||
1730 | tkt_len); | ||
1731 | if (NULL != h->mq) | ||
1732 | { | ||
1733 | GNUNET_MQ_send (h->mq, op->env); | ||
1734 | op->env = NULL; | ||
1735 | } | ||
1736 | return op; | ||
1737 | } | ||
1738 | |||
1739 | size_t | ||
1740 | GNUNET_RECLAIM_ticket_serialize_get_size (const struct | ||
1741 | GNUNET_RECLAIM_Ticket *tkt) | ||
1742 | { | ||
1743 | size_t size = sizeof (tkt->rnd); | ||
1744 | size += GNUNET_CRYPTO_public_key_get_length (&tkt->identity); | ||
1745 | size += GNUNET_CRYPTO_public_key_get_length (&tkt->audience); | ||
1746 | return size; | ||
1747 | } | ||
1748 | |||
1749 | enum GNUNET_GenericReturnValue | ||
1750 | GNUNET_RECLAIM_read_ticket_from_buffer (const void *buffer, | ||
1751 | size_t len, | ||
1752 | struct GNUNET_RECLAIM_Ticket *tkt, | ||
1753 | size_t *tb_read) | ||
1754 | { | ||
1755 | const char *tmp = buffer; | ||
1756 | size_t read = 0; | ||
1757 | size_t left = len; | ||
1758 | if (GNUNET_SYSERR == | ||
1759 | GNUNET_CRYPTO_read_public_key_from_buffer (tmp, | ||
1760 | left, | ||
1761 | &tkt->identity, | ||
1762 | &read)) | ||
1763 | return GNUNET_SYSERR; | ||
1764 | left -= read; | ||
1765 | tmp += read; | ||
1766 | if (GNUNET_SYSERR == | ||
1767 | GNUNET_CRYPTO_read_public_key_from_buffer (tmp, | ||
1768 | left, | ||
1769 | &tkt->audience, | ||
1770 | &read)) | ||
1771 | return GNUNET_SYSERR; | ||
1772 | left -= read; | ||
1773 | tmp += read; | ||
1774 | if (left < sizeof (tkt->rnd)) | ||
1775 | return GNUNET_SYSERR; | ||
1776 | memcpy (&tkt->rnd, tmp, sizeof (tkt->rnd)); | ||
1777 | *tb_read = tmp - (char*) buffer + sizeof (tkt->rnd); | ||
1778 | return GNUNET_OK; | ||
1779 | } | ||
1780 | |||
1781 | |||
1782 | ssize_t | ||
1783 | GNUNET_RECLAIM_write_ticket_to_buffer (const struct | ||
1784 | GNUNET_RECLAIM_Ticket *tkt, | ||
1785 | void *buffer, | ||
1786 | size_t len) | ||
1787 | { | ||
1788 | char *tmp = buffer; | ||
1789 | size_t left = len; | ||
1790 | ssize_t written = 0; | ||
1791 | written = GNUNET_CRYPTO_write_public_key_to_buffer (&tkt->identity, | ||
1792 | buffer, | ||
1793 | left); | ||
1794 | if (0 > written) | ||
1795 | return written; | ||
1796 | left -= written; | ||
1797 | tmp += written; | ||
1798 | written = GNUNET_CRYPTO_write_public_key_to_buffer (&tkt->audience, | ||
1799 | tmp, | ||
1800 | left); | ||
1801 | if (0 > written) | ||
1802 | return written; | ||
1803 | left -= written; | ||
1804 | tmp += written; | ||
1805 | if (left < sizeof (tkt->rnd)) | ||
1806 | return -1; | ||
1807 | memcpy (tmp, &tkt->rnd, sizeof (tkt->rnd)); | ||
1808 | return tmp - (char*) buffer + sizeof (tkt->rnd); | ||
1809 | } | ||
1810 | |||
1811 | |||
1812 | |||
1813 | /* end of reclaim_api.c */ | ||
diff --git a/src/reclaim/reclaim_attribute.c b/src/reclaim/reclaim_attribute.c deleted file mode 100644 index b235ed945..000000000 --- a/src/reclaim/reclaim_attribute.c +++ /dev/null | |||
@@ -1,547 +0,0 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet | ||
3 | Copyright (C) 2010-2015 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software: you can redistribute it and/or modify it | ||
6 | under the terms of the GNU Affero General Public License as published | ||
7 | by the Free Software Foundation, either version 3 of the License, | ||
8 | or (at your option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | Affero General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU Affero General Public License | ||
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
17 | |||
18 | SPDX-License-Identifier: AGPL3.0-or-later | ||
19 | */ | ||
20 | |||
21 | /** | ||
22 | * @file reclaim-attribute/reclaim_attribute.c | ||
23 | * @brief helper library to manage identity attributes | ||
24 | * @author Martin Schanzenbach | ||
25 | */ | ||
26 | #include "platform.h" | ||
27 | #include "gnunet_util_lib.h" | ||
28 | #include "gnunet_reclaim_plugin.h" | ||
29 | #include "reclaim_attribute.h" | ||
30 | |||
31 | |||
32 | /** | ||
33 | * Handle for a plugin | ||
34 | */ | ||
35 | struct Plugin | ||
36 | { | ||
37 | /** | ||
38 | * Name of the plugin | ||
39 | */ | ||
40 | char *library_name; | ||
41 | |||
42 | /** | ||
43 | * Plugin API | ||
44 | */ | ||
45 | struct GNUNET_RECLAIM_AttributePluginFunctions *api; | ||
46 | }; | ||
47 | |||
48 | |||
49 | /** | ||
50 | * Plugins | ||
51 | */ | ||
52 | static struct Plugin **attr_plugins; | ||
53 | |||
54 | |||
55 | /** | ||
56 | * Number of plugins | ||
57 | */ | ||
58 | static unsigned int num_plugins; | ||
59 | |||
60 | |||
61 | /** | ||
62 | * Init canary | ||
63 | */ | ||
64 | static int initialized; | ||
65 | |||
66 | |||
67 | /** | ||
68 | * Add a plugin | ||
69 | * | ||
70 | * @param cls closure | ||
71 | * @param library_name name of the API library | ||
72 | * @param lib_ret the plugin API pointer | ||
73 | */ | ||
74 | static void | ||
75 | add_plugin (void *cls, const char *library_name, void *lib_ret) | ||
76 | { | ||
77 | struct GNUNET_RECLAIM_AttributePluginFunctions *api = lib_ret; | ||
78 | struct Plugin *plugin; | ||
79 | |||
80 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
81 | "Loading attribute plugin `%s'\n", | ||
82 | library_name); | ||
83 | plugin = GNUNET_new (struct Plugin); | ||
84 | plugin->api = api; | ||
85 | plugin->library_name = GNUNET_strdup (library_name); | ||
86 | GNUNET_array_append (attr_plugins, num_plugins, plugin); | ||
87 | } | ||
88 | |||
89 | |||
90 | /** | ||
91 | * Load plugins | ||
92 | */ | ||
93 | static void | ||
94 | init () | ||
95 | { | ||
96 | if (GNUNET_YES == initialized) | ||
97 | return; | ||
98 | initialized = GNUNET_YES; | ||
99 | GNUNET_PLUGIN_load_all_in_context (GNUNET_OS_project_data_default (), | ||
100 | "libgnunet_plugin_reclaim_attribute_", | ||
101 | NULL, | ||
102 | &add_plugin, | ||
103 | NULL); | ||
104 | } | ||
105 | |||
106 | /** | ||
107 | * Dual function to #init(). | ||
108 | */ | ||
109 | void __attribute__ ((destructor)) | ||
110 | RECLAIM_ATTRIBUTE_fini () | ||
111 | { | ||
112 | struct Plugin *plugin; | ||
113 | const struct GNUNET_OS_ProjectData *pd = GNUNET_OS_project_data_get (); | ||
114 | const struct GNUNET_OS_ProjectData *dpd = GNUNET_OS_project_data_default (); | ||
115 | |||
116 | if (pd != dpd) | ||
117 | GNUNET_OS_init (dpd); | ||
118 | |||
119 | for (unsigned int i = 0; i < num_plugins; i++) | ||
120 | { | ||
121 | plugin = attr_plugins[i]; | ||
122 | GNUNET_break (NULL == | ||
123 | GNUNET_PLUGIN_unload (plugin->library_name, | ||
124 | plugin->api)); | ||
125 | GNUNET_free (plugin->library_name); | ||
126 | GNUNET_free (plugin); | ||
127 | } | ||
128 | GNUNET_free (attr_plugins); | ||
129 | |||
130 | if (pd != dpd) | ||
131 | GNUNET_OS_init (pd); | ||
132 | |||
133 | attr_plugins = NULL; | ||
134 | } | ||
135 | |||
136 | |||
137 | |||
138 | /** | ||
139 | * Convert a type name to the corresponding number | ||
140 | * | ||
141 | * @param typename name to convert | ||
142 | * @return corresponding number, UINT32_MAX on error | ||
143 | */ | ||
144 | uint32_t | ||
145 | GNUNET_RECLAIM_attribute_typename_to_number (const char *typename) | ||
146 | { | ||
147 | unsigned int i; | ||
148 | struct Plugin *plugin; | ||
149 | uint32_t ret; | ||
150 | |||
151 | init (); | ||
152 | for (i = 0; i < num_plugins; i++) | ||
153 | { | ||
154 | plugin = attr_plugins[i]; | ||
155 | if (UINT32_MAX != | ||
156 | (ret = plugin->api->typename_to_number (plugin->api->cls, typename))) | ||
157 | return ret; | ||
158 | } | ||
159 | return UINT32_MAX; | ||
160 | } | ||
161 | |||
162 | |||
163 | /** | ||
164 | * Convert a type number to the corresponding type string | ||
165 | * | ||
166 | * @param type number of a type | ||
167 | * @return corresponding typestring, NULL on error | ||
168 | */ | ||
169 | const char * | ||
170 | GNUNET_RECLAIM_attribute_number_to_typename (uint32_t type) | ||
171 | { | ||
172 | unsigned int i; | ||
173 | struct Plugin *plugin; | ||
174 | const char *ret; | ||
175 | |||
176 | init (); | ||
177 | for (i = 0; i < num_plugins; i++) | ||
178 | { | ||
179 | plugin = attr_plugins[i]; | ||
180 | if (NULL != | ||
181 | (ret = plugin->api->number_to_typename (plugin->api->cls, type))) | ||
182 | return ret; | ||
183 | } | ||
184 | return NULL; | ||
185 | } | ||
186 | |||
187 | |||
188 | /** | ||
189 | * Convert human-readable version of a 'claim' of an attribute to the binary | ||
190 | * representation | ||
191 | * | ||
192 | * @param type type of the claim | ||
193 | * @param s human-readable string | ||
194 | * @param data set to value in binary encoding (will be allocated) | ||
195 | * @param data_size set to number of bytes in @a data | ||
196 | * @return #GNUNET_OK on success | ||
197 | */ | ||
198 | int | ||
199 | GNUNET_RECLAIM_attribute_string_to_value (uint32_t type, | ||
200 | const char *s, | ||
201 | void **data, | ||
202 | size_t *data_size) | ||
203 | { | ||
204 | unsigned int i; | ||
205 | struct Plugin *plugin; | ||
206 | |||
207 | init (); | ||
208 | for (i = 0; i < num_plugins; i++) | ||
209 | { | ||
210 | plugin = attr_plugins[i]; | ||
211 | if (GNUNET_OK == plugin->api->string_to_value (plugin->api->cls, | ||
212 | type, | ||
213 | s, | ||
214 | data, | ||
215 | data_size)) | ||
216 | return GNUNET_OK; | ||
217 | } | ||
218 | return GNUNET_SYSERR; | ||
219 | } | ||
220 | |||
221 | |||
222 | /** | ||
223 | * Convert the 'claim' of an attribute to a string | ||
224 | * | ||
225 | * @param type the type of attribute | ||
226 | * @param data claim in binary encoding | ||
227 | * @param data_size number of bytes in @a data | ||
228 | * @return NULL on error, otherwise human-readable representation of the claim | ||
229 | */ | ||
230 | char * | ||
231 | GNUNET_RECLAIM_attribute_value_to_string (uint32_t type, | ||
232 | const void *data, | ||
233 | size_t data_size) | ||
234 | { | ||
235 | unsigned int i; | ||
236 | struct Plugin *plugin; | ||
237 | char *ret; | ||
238 | |||
239 | init (); | ||
240 | for (i = 0; i < num_plugins; i++) | ||
241 | { | ||
242 | plugin = attr_plugins[i]; | ||
243 | if (NULL != (ret = plugin->api->value_to_string (plugin->api->cls, | ||
244 | type, | ||
245 | data, | ||
246 | data_size))) | ||
247 | return ret; | ||
248 | } | ||
249 | return NULL; | ||
250 | } | ||
251 | |||
252 | |||
253 | struct GNUNET_RECLAIM_Attribute * | ||
254 | GNUNET_RECLAIM_attribute_new (const char *attr_name, | ||
255 | const struct | ||
256 | GNUNET_RECLAIM_Identifier *credential, | ||
257 | uint32_t type, | ||
258 | const void *data, | ||
259 | size_t data_size) | ||
260 | { | ||
261 | struct GNUNET_RECLAIM_Attribute *attr; | ||
262 | char *write_ptr; | ||
263 | char *attr_name_tmp = GNUNET_strdup (attr_name); | ||
264 | |||
265 | GNUNET_STRINGS_utf8_tolower (attr_name, attr_name_tmp); | ||
266 | |||
267 | attr = GNUNET_malloc (sizeof(struct GNUNET_RECLAIM_Attribute) | ||
268 | + strlen (attr_name_tmp) + 1 + data_size); | ||
269 | if (NULL != credential) | ||
270 | attr->credential = *credential; | ||
271 | attr->type = type; | ||
272 | attr->data_size = data_size; | ||
273 | attr->flag = 0; | ||
274 | write_ptr = (char *) &attr[1]; | ||
275 | GNUNET_memcpy (write_ptr, attr_name_tmp, strlen (attr_name_tmp) + 1); | ||
276 | attr->name = write_ptr; | ||
277 | write_ptr += strlen (attr->name) + 1; | ||
278 | GNUNET_memcpy (write_ptr, data, data_size); | ||
279 | attr->data = write_ptr; | ||
280 | GNUNET_free (attr_name_tmp); | ||
281 | return attr; | ||
282 | } | ||
283 | |||
284 | |||
285 | void | ||
286 | GNUNET_RECLAIM_attribute_list_add ( | ||
287 | struct GNUNET_RECLAIM_AttributeList *al, | ||
288 | const char *attr_name, | ||
289 | const struct GNUNET_RECLAIM_Identifier *credential, | ||
290 | uint32_t type, | ||
291 | const void *data, | ||
292 | size_t data_size) | ||
293 | { | ||
294 | struct GNUNET_RECLAIM_AttributeListEntry *ale; | ||
295 | |||
296 | ale = GNUNET_new (struct GNUNET_RECLAIM_AttributeListEntry); | ||
297 | ale->attribute = | ||
298 | GNUNET_RECLAIM_attribute_new (attr_name, credential, | ||
299 | type, data, data_size); | ||
300 | GNUNET_CONTAINER_DLL_insert (al->list_head, | ||
301 | al->list_tail, | ||
302 | ale); | ||
303 | } | ||
304 | |||
305 | |||
306 | /** | ||
307 | * Get required size for serialization buffer | ||
308 | * | ||
309 | * @param attrs the attribute list to serialize | ||
310 | * @return the required buffer size | ||
311 | */ | ||
312 | size_t | ||
313 | GNUNET_RECLAIM_attribute_list_serialize_get_size ( | ||
314 | const struct GNUNET_RECLAIM_AttributeList *al) | ||
315 | { | ||
316 | struct GNUNET_RECLAIM_AttributeListEntry *ale; | ||
317 | size_t len = 0; | ||
318 | |||
319 | for (ale = al->list_head; NULL != ale; ale = ale->next) | ||
320 | { | ||
321 | GNUNET_assert (NULL != ale->attribute); | ||
322 | len += GNUNET_RECLAIM_attribute_serialize_get_size (ale->attribute); | ||
323 | } | ||
324 | return len; | ||
325 | } | ||
326 | |||
327 | |||
328 | size_t | ||
329 | GNUNET_RECLAIM_attribute_list_serialize ( | ||
330 | const struct GNUNET_RECLAIM_AttributeList *attrs, | ||
331 | char *result) | ||
332 | { | ||
333 | struct GNUNET_RECLAIM_AttributeListEntry *ale; | ||
334 | size_t len; | ||
335 | size_t total_len; | ||
336 | char *write_ptr; | ||
337 | write_ptr = result; | ||
338 | total_len = 0; | ||
339 | for (ale = attrs->list_head; NULL != ale; ale = ale->next) | ||
340 | { | ||
341 | GNUNET_assert (NULL != ale->attribute); | ||
342 | len = GNUNET_RECLAIM_attribute_serialize (ale->attribute, write_ptr); | ||
343 | total_len += len; | ||
344 | write_ptr += len; | ||
345 | } | ||
346 | return total_len; | ||
347 | } | ||
348 | |||
349 | |||
350 | /** | ||
351 | * Deserialize an attribute list | ||
352 | * | ||
353 | * @param data the serialized attribute list | ||
354 | * @param data_size the length of the serialized data | ||
355 | * @return a GNUNET_IDENTITY_PROVIDER_AttributeList, must be free'd by caller | ||
356 | */ | ||
357 | struct GNUNET_RECLAIM_AttributeList * | ||
358 | GNUNET_RECLAIM_attribute_list_deserialize (const char *data, size_t data_size) | ||
359 | { | ||
360 | struct GNUNET_RECLAIM_AttributeList *al; | ||
361 | struct GNUNET_RECLAIM_AttributeListEntry *ale; | ||
362 | size_t attr_len; | ||
363 | const char *read_ptr; | ||
364 | size_t left = data_size; | ||
365 | |||
366 | al = GNUNET_new (struct GNUNET_RECLAIM_AttributeList); | ||
367 | if (data_size < sizeof(struct Attribute)) | ||
368 | return al; | ||
369 | read_ptr = data; | ||
370 | while (left >= sizeof(struct Attribute)) | ||
371 | { | ||
372 | ale = GNUNET_new (struct GNUNET_RECLAIM_AttributeListEntry); | ||
373 | attr_len = | ||
374 | GNUNET_RECLAIM_attribute_deserialize (read_ptr, | ||
375 | left, | ||
376 | &ale->attribute); | ||
377 | if (-1 == attr_len) | ||
378 | { | ||
379 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
380 | "Failed to deserialize malformed attribute.\n"); | ||
381 | GNUNET_free (ale); | ||
382 | return al; | ||
383 | } | ||
384 | left -= attr_len; | ||
385 | GNUNET_CONTAINER_DLL_insert (al->list_head, al->list_tail, ale); | ||
386 | read_ptr += attr_len; | ||
387 | } | ||
388 | return al; | ||
389 | } | ||
390 | |||
391 | |||
392 | struct GNUNET_RECLAIM_AttributeList * | ||
393 | GNUNET_RECLAIM_attribute_list_dup ( | ||
394 | const struct GNUNET_RECLAIM_AttributeList *attrs) | ||
395 | { | ||
396 | struct GNUNET_RECLAIM_AttributeListEntry *ale; | ||
397 | struct GNUNET_RECLAIM_AttributeListEntry *result_ale; | ||
398 | struct GNUNET_RECLAIM_AttributeList *result; | ||
399 | |||
400 | result = GNUNET_new (struct GNUNET_RECLAIM_AttributeList); | ||
401 | for (ale = attrs->list_head; NULL != ale; ale = ale->next) | ||
402 | { | ||
403 | result_ale = GNUNET_new (struct GNUNET_RECLAIM_AttributeListEntry); | ||
404 | GNUNET_assert (NULL != ale->attribute); | ||
405 | { | ||
406 | result_ale->attribute = | ||
407 | GNUNET_RECLAIM_attribute_new (ale->attribute->name, | ||
408 | &ale->attribute->credential, | ||
409 | ale->attribute->type, | ||
410 | ale->attribute->data, | ||
411 | ale->attribute->data_size); | ||
412 | |||
413 | result_ale->attribute->id = ale->attribute->id; | ||
414 | result_ale->attribute->flag = ale->attribute->flag; | ||
415 | } | ||
416 | GNUNET_CONTAINER_DLL_insert (result->list_head, | ||
417 | result->list_tail, | ||
418 | result_ale); | ||
419 | } | ||
420 | return result; | ||
421 | } | ||
422 | |||
423 | |||
424 | void | ||
425 | GNUNET_RECLAIM_attribute_list_destroy ( | ||
426 | struct GNUNET_RECLAIM_AttributeList *al) | ||
427 | { | ||
428 | struct GNUNET_RECLAIM_AttributeListEntry *ale; | ||
429 | struct GNUNET_RECLAIM_AttributeListEntry *tmp_ale; | ||
430 | |||
431 | for (ale = al->list_head; NULL != ale;) | ||
432 | { | ||
433 | if (NULL != ale->attribute) | ||
434 | GNUNET_free (ale->attribute); | ||
435 | tmp_ale = ale; | ||
436 | ale = ale->next; | ||
437 | GNUNET_free (tmp_ale); | ||
438 | } | ||
439 | GNUNET_free (al); | ||
440 | } | ||
441 | |||
442 | |||
443 | /** | ||
444 | * Get required size for serialization buffer | ||
445 | * | ||
446 | * @param attr the attribute to serialize | ||
447 | * @return the required buffer size | ||
448 | */ | ||
449 | size_t | ||
450 | GNUNET_RECLAIM_attribute_serialize_get_size ( | ||
451 | const struct GNUNET_RECLAIM_Attribute *attr) | ||
452 | { | ||
453 | return sizeof(struct Attribute) + strlen (attr->name) + attr->data_size; | ||
454 | } | ||
455 | |||
456 | |||
457 | /** | ||
458 | * Serialize an attribute | ||
459 | * | ||
460 | * @param attr the attribute to serialize | ||
461 | * @param result the serialized attribute | ||
462 | * @return length of serialized data | ||
463 | */ | ||
464 | size_t | ||
465 | GNUNET_RECLAIM_attribute_serialize ( | ||
466 | const struct GNUNET_RECLAIM_Attribute *attr, | ||
467 | char *result) | ||
468 | { | ||
469 | size_t data_len_ser; | ||
470 | size_t name_len; | ||
471 | struct Attribute *attr_ser; | ||
472 | char *write_ptr; | ||
473 | |||
474 | attr_ser = (struct Attribute *) result; | ||
475 | attr_ser->attribute_type = htonl (attr->type); | ||
476 | attr_ser->attribute_flag = htonl (attr->flag); | ||
477 | attr_ser->attribute_id = attr->id; | ||
478 | attr_ser->credential_id = attr->credential; | ||
479 | name_len = strlen (attr->name); | ||
480 | attr_ser->name_len = htons (name_len); | ||
481 | write_ptr = (char *) &attr_ser[1]; | ||
482 | GNUNET_memcpy (write_ptr, attr->name, name_len); | ||
483 | write_ptr += name_len; | ||
484 | // TODO plugin-ize | ||
485 | // data_len_ser = plugin->serialize_attribute_value (attr, | ||
486 | // &attr_ser[1]); | ||
487 | data_len_ser = attr->data_size; | ||
488 | GNUNET_memcpy (write_ptr, attr->data, attr->data_size); | ||
489 | attr_ser->data_size = htons (data_len_ser); | ||
490 | |||
491 | return sizeof(struct Attribute) + strlen (attr->name) + attr->data_size; | ||
492 | } | ||
493 | |||
494 | |||
495 | /** | ||
496 | * Deserialize an attribute | ||
497 | * | ||
498 | * @param data the serialized attribute | ||
499 | * @param data_size the length of the serialized data | ||
500 | * | ||
501 | * @return a GNUNET_IDENTITY_PROVIDER_Attribute, must be free'd by caller | ||
502 | */ | ||
503 | ssize_t | ||
504 | GNUNET_RECLAIM_attribute_deserialize (const char *data, size_t data_size, | ||
505 | struct GNUNET_RECLAIM_Attribute **attr) | ||
506 | { | ||
507 | struct Attribute *attr_ser; | ||
508 | struct GNUNET_RECLAIM_Attribute *attribute; | ||
509 | size_t data_len; | ||
510 | size_t name_len; | ||
511 | char *write_ptr; | ||
512 | |||
513 | if (data_size < sizeof(struct Attribute)) | ||
514 | return -1; | ||
515 | |||
516 | attr_ser = (struct Attribute *) data; | ||
517 | data_len = ntohs (attr_ser->data_size); | ||
518 | name_len = ntohs (attr_ser->name_len); | ||
519 | if (data_size < sizeof(struct Attribute) + data_len + name_len) | ||
520 | { | ||
521 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
522 | "Buffer too small to deserialize\n"); | ||
523 | return -1; | ||
524 | } | ||
525 | attribute = GNUNET_malloc (sizeof(struct GNUNET_RECLAIM_Attribute) | ||
526 | + data_len + name_len + 1); | ||
527 | attribute->type = ntohl (attr_ser->attribute_type); | ||
528 | attribute->flag = ntohl (attr_ser->attribute_flag); | ||
529 | attribute->id = attr_ser->attribute_id; | ||
530 | attribute->credential = attr_ser->credential_id; | ||
531 | attribute->data_size = data_len; | ||
532 | |||
533 | write_ptr = (char *) &attribute[1]; | ||
534 | GNUNET_memcpy (write_ptr, &attr_ser[1], name_len); | ||
535 | write_ptr[name_len] = '\0'; | ||
536 | attribute->name = write_ptr; | ||
537 | |||
538 | write_ptr += name_len + 1; | ||
539 | GNUNET_memcpy (write_ptr, (char *) &attr_ser[1] + name_len, | ||
540 | attribute->data_size); | ||
541 | *attr = attribute; | ||
542 | attribute->data = write_ptr; | ||
543 | return sizeof(struct Attribute) + data_len + name_len; | ||
544 | } | ||
545 | |||
546 | |||
547 | /* end of reclaim_attribute.c */ | ||
diff --git a/src/reclaim/reclaim_attribute.h b/src/reclaim/reclaim_attribute.h deleted file mode 100644 index 44d85e61c..000000000 --- a/src/reclaim/reclaim_attribute.h +++ /dev/null | |||
@@ -1,83 +0,0 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet. | ||
3 | Copyright (C) 2012-2015 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software: you can redistribute it and/or modify it | ||
6 | under the terms of the GNU Affero General Public License as published | ||
7 | by the Free Software Foundation, either version 3 of the License, | ||
8 | or (at your option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | Affero General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU Affero General Public License | ||
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
17 | |||
18 | SPDX-License-Identifier: AGPL3.0-or-later | ||
19 | */ | ||
20 | /** | ||
21 | * @author Martin Schanzenbach | ||
22 | * @file reclaim-attribute/reclaim_attribute.h | ||
23 | * @brief GNUnet reclaim identity attributes | ||
24 | * | ||
25 | */ | ||
26 | #ifndef RECLAIM_ATTRIBUTE_H | ||
27 | #define RECLAIM_ATTRIBUTE_H | ||
28 | |||
29 | #include "gnunet_reclaim_service.h" | ||
30 | |||
31 | GNUNET_NETWORK_STRUCT_BEGIN | ||
32 | |||
33 | /** | ||
34 | * Serialized claim | ||
35 | */ | ||
36 | struct Attribute | ||
37 | { | ||
38 | /** | ||
39 | * Attribute type | ||
40 | */ | ||
41 | uint32_t attribute_type GNUNET_PACKED; | ||
42 | |||
43 | /** | ||
44 | * Attribute flag | ||
45 | */ | ||
46 | uint32_t attribute_flag GNUNET_PACKED; | ||
47 | |||
48 | /** | ||
49 | * Attribute ID | ||
50 | */ | ||
51 | struct GNUNET_RECLAIM_Identifier attribute_id; | ||
52 | |||
53 | /** | ||
54 | * Credential ID | ||
55 | */ | ||
56 | struct GNUNET_RECLAIM_Identifier credential_id; | ||
57 | |||
58 | /** | ||
59 | * Reserved (alignment) | ||
60 | */ | ||
61 | uint16_t reserved_nl GNUNET_PACKED; | ||
62 | |||
63 | /** | ||
64 | * Name length | ||
65 | */ | ||
66 | uint16_t name_len GNUNET_PACKED; | ||
67 | |||
68 | /** | ||
69 | * Reserved (alignment) | ||
70 | */ | ||
71 | uint16_t reserved_ds GNUNET_PACKED; | ||
72 | |||
73 | /** | ||
74 | * Data size | ||
75 | */ | ||
76 | uint16_t data_size GNUNET_PACKED; | ||
77 | |||
78 | // followed by data_size Attribute value data | ||
79 | }; | ||
80 | |||
81 | GNUNET_NETWORK_STRUCT_BEGIN | ||
82 | |||
83 | #endif | ||
diff --git a/src/reclaim/reclaim_credential.c b/src/reclaim/reclaim_credential.c deleted file mode 100644 index 1aad261a1..000000000 --- a/src/reclaim/reclaim_credential.c +++ /dev/null | |||
@@ -1,1004 +0,0 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet | ||
3 | Copyright (C) 2010-2015 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software: you can redistribute it and/or modify it | ||
6 | under the terms of the GNU Affero General Public License as published | ||
7 | by the Free Software Foundation, either version 3 of the License, | ||
8 | or (at your option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | Affero General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU Affero General Public License | ||
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
17 | |||
18 | SPDX-License-Identifier: AGPL3.0-or-later | ||
19 | */ | ||
20 | |||
21 | /** | ||
22 | * @file reclaim/reclaim_credential.c | ||
23 | * @brief helper library to manage identity attribute credentials | ||
24 | * @author Martin Schanzenbach | ||
25 | */ | ||
26 | #include "platform.h" | ||
27 | #include "gnunet_util_lib.h" | ||
28 | #include "gnunet_reclaim_plugin.h" | ||
29 | #include "reclaim_credential.h" | ||
30 | |||
31 | |||
32 | /** | ||
33 | * Handle for a plugin | ||
34 | */ | ||
35 | struct Plugin | ||
36 | { | ||
37 | /** | ||
38 | * Name of the plugin | ||
39 | */ | ||
40 | char *library_name; | ||
41 | |||
42 | /** | ||
43 | * Plugin API | ||
44 | */ | ||
45 | struct GNUNET_RECLAIM_CredentialPluginFunctions *api; | ||
46 | }; | ||
47 | |||
48 | |||
49 | /** | ||
50 | * Plugins | ||
51 | */ | ||
52 | static struct Plugin **credential_plugins; | ||
53 | |||
54 | |||
55 | /** | ||
56 | * Number of plugins | ||
57 | */ | ||
58 | static unsigned int num_plugins; | ||
59 | |||
60 | |||
61 | /** | ||
62 | * Init canary | ||
63 | */ | ||
64 | static int initialized; | ||
65 | |||
66 | |||
67 | /** | ||
68 | * Add a plugin | ||
69 | * | ||
70 | * @param cls closure | ||
71 | * @param library_name name of the API library | ||
72 | * @param lib_ret the plugin API pointer | ||
73 | */ | ||
74 | static void | ||
75 | add_plugin (void *cls, const char *library_name, void *lib_ret) | ||
76 | { | ||
77 | struct GNUNET_RECLAIM_CredentialPluginFunctions *api = lib_ret; | ||
78 | struct Plugin *plugin; | ||
79 | |||
80 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
81 | "Loading credential plugin `%s'\n", | ||
82 | library_name); | ||
83 | plugin = GNUNET_new (struct Plugin); | ||
84 | plugin->api = api; | ||
85 | plugin->library_name = GNUNET_strdup (library_name); | ||
86 | GNUNET_array_append (credential_plugins, num_plugins, plugin); | ||
87 | } | ||
88 | |||
89 | |||
90 | /** | ||
91 | * Load plugins | ||
92 | */ | ||
93 | static void | ||
94 | init () | ||
95 | { | ||
96 | if (GNUNET_YES == initialized) | ||
97 | return; | ||
98 | initialized = GNUNET_YES; | ||
99 | GNUNET_PLUGIN_load_all_in_context (GNUNET_OS_project_data_default (), | ||
100 | "libgnunet_plugin_reclaim_credential_", | ||
101 | NULL, | ||
102 | &add_plugin, | ||
103 | NULL); | ||
104 | } | ||
105 | |||
106 | |||
107 | /** | ||
108 | * Dual function to #init(). | ||
109 | */ | ||
110 | void __attribute__ ((destructor)) | ||
111 | RECLAIM_CREDENTIAL_fini () | ||
112 | { | ||
113 | struct Plugin *plugin; | ||
114 | const struct GNUNET_OS_ProjectData *pd = GNUNET_OS_project_data_get (); | ||
115 | const struct GNUNET_OS_ProjectData *dpd = GNUNET_OS_project_data_default (); | ||
116 | |||
117 | if (pd != dpd) | ||
118 | GNUNET_OS_init (dpd); | ||
119 | |||
120 | for (unsigned int i = 0; i < num_plugins; i++) | ||
121 | { | ||
122 | plugin = credential_plugins[i]; | ||
123 | GNUNET_break (NULL == | ||
124 | GNUNET_PLUGIN_unload (plugin->library_name, | ||
125 | plugin->api)); | ||
126 | GNUNET_free (plugin->library_name); | ||
127 | GNUNET_free (plugin); | ||
128 | } | ||
129 | GNUNET_free (credential_plugins); | ||
130 | |||
131 | if (pd != dpd) | ||
132 | GNUNET_OS_init (pd); | ||
133 | |||
134 | credential_plugins = NULL; | ||
135 | } | ||
136 | |||
137 | |||
138 | /** | ||
139 | * Convert an credential type name to the corresponding number | ||
140 | * | ||
141 | * @param typename name to convert | ||
142 | * @return corresponding number, UINT32_MAX on error | ||
143 | */ | ||
144 | uint32_t | ||
145 | GNUNET_RECLAIM_credential_typename_to_number (const char *typename) | ||
146 | { | ||
147 | unsigned int i; | ||
148 | struct Plugin *plugin; | ||
149 | uint32_t ret; | ||
150 | init (); | ||
151 | for (i = 0; i < num_plugins; i++) | ||
152 | { | ||
153 | plugin = credential_plugins[i]; | ||
154 | if (UINT32_MAX != | ||
155 | (ret = plugin->api->typename_to_number (plugin->api->cls, | ||
156 | typename))) | ||
157 | return ret; | ||
158 | } | ||
159 | return UINT32_MAX; | ||
160 | } | ||
161 | |||
162 | |||
163 | /** | ||
164 | * Convert an credential type number to the corresponding credential type string | ||
165 | * | ||
166 | * @param type number of a type | ||
167 | * @return corresponding typestring, NULL on error | ||
168 | */ | ||
169 | const char * | ||
170 | GNUNET_RECLAIM_credential_number_to_typename (uint32_t type) | ||
171 | { | ||
172 | unsigned int i; | ||
173 | struct Plugin *plugin; | ||
174 | const char *ret; | ||
175 | |||
176 | init (); | ||
177 | for (i = 0; i < num_plugins; i++) | ||
178 | { | ||
179 | plugin = credential_plugins[i]; | ||
180 | if (NULL != | ||
181 | (ret = plugin->api->number_to_typename (plugin->api->cls, type))) | ||
182 | return ret; | ||
183 | } | ||
184 | return NULL; | ||
185 | } | ||
186 | |||
187 | |||
188 | /** | ||
189 | * Convert human-readable version of a 'claim' of an credential to the binary | ||
190 | * representation | ||
191 | * | ||
192 | * @param type type of the claim | ||
193 | * @param s human-readable string | ||
194 | * @param data set to value in binary encoding (will be allocated) | ||
195 | * @param data_size set to number of bytes in @a data | ||
196 | * @return #GNUNET_OK on success | ||
197 | */ | ||
198 | int | ||
199 | GNUNET_RECLAIM_credential_string_to_value (uint32_t type, | ||
200 | const char *s, | ||
201 | void **data, | ||
202 | size_t *data_size) | ||
203 | { | ||
204 | unsigned int i; | ||
205 | struct Plugin *plugin; | ||
206 | |||
207 | init (); | ||
208 | for (i = 0; i < num_plugins; i++) | ||
209 | { | ||
210 | plugin = credential_plugins[i]; | ||
211 | if (GNUNET_OK == plugin->api->string_to_value (plugin->api->cls, | ||
212 | type, | ||
213 | s, | ||
214 | data, | ||
215 | data_size)) | ||
216 | return GNUNET_OK; | ||
217 | } | ||
218 | return GNUNET_SYSERR; | ||
219 | } | ||
220 | |||
221 | |||
222 | /** | ||
223 | * Convert the 'claim' of an credential to a string | ||
224 | * | ||
225 | * @param type the type of credential | ||
226 | * @param data claim in binary encoding | ||
227 | * @param data_size number of bytes in @a data | ||
228 | * @return NULL on error, otherwise human-readable representation of the claim | ||
229 | */ | ||
230 | char * | ||
231 | GNUNET_RECLAIM_credential_value_to_string (uint32_t type, | ||
232 | const void *data, | ||
233 | size_t data_size) | ||
234 | { | ||
235 | unsigned int i; | ||
236 | struct Plugin *plugin; | ||
237 | char *ret; | ||
238 | |||
239 | init (); | ||
240 | for (i = 0; i < num_plugins; i++) | ||
241 | { | ||
242 | plugin = credential_plugins[i]; | ||
243 | if (NULL != (ret = plugin->api->value_to_string (plugin->api->cls, | ||
244 | type, | ||
245 | data, | ||
246 | data_size))) | ||
247 | return ret; | ||
248 | } | ||
249 | return NULL; | ||
250 | } | ||
251 | |||
252 | |||
253 | struct GNUNET_RECLAIM_Credential * | ||
254 | GNUNET_RECLAIM_credential_new (const char *attr_name, | ||
255 | uint32_t type, | ||
256 | const void *data, | ||
257 | size_t data_size) | ||
258 | { | ||
259 | struct GNUNET_RECLAIM_Credential *attr; | ||
260 | char *write_ptr; | ||
261 | char *attr_name_tmp = GNUNET_strdup (attr_name); | ||
262 | |||
263 | GNUNET_STRINGS_utf8_tolower (attr_name, attr_name_tmp); | ||
264 | |||
265 | attr = GNUNET_malloc (sizeof(struct GNUNET_RECLAIM_Credential) | ||
266 | + strlen (attr_name_tmp) + 1 + data_size); | ||
267 | attr->type = type; | ||
268 | attr->data_size = data_size; | ||
269 | attr->flag = 0; | ||
270 | write_ptr = (char *) &attr[1]; | ||
271 | GNUNET_memcpy (write_ptr, attr_name_tmp, strlen (attr_name_tmp) + 1); | ||
272 | attr->name = write_ptr; | ||
273 | write_ptr += strlen (attr->name) + 1; | ||
274 | GNUNET_memcpy (write_ptr, data, data_size); | ||
275 | attr->data = write_ptr; | ||
276 | GNUNET_free (attr_name_tmp); | ||
277 | return attr; | ||
278 | } | ||
279 | |||
280 | |||
281 | /** | ||
282 | * Get required size for serialization buffer | ||
283 | * | ||
284 | * @param attrs the attribute list to serialize | ||
285 | * @return the required buffer size | ||
286 | */ | ||
287 | size_t | ||
288 | GNUNET_RECLAIM_credential_list_serialize_get_size ( | ||
289 | const struct GNUNET_RECLAIM_CredentialList *credentials) | ||
290 | { | ||
291 | struct GNUNET_RECLAIM_CredentialListEntry *le; | ||
292 | size_t len = 0; | ||
293 | |||
294 | for (le = credentials->list_head; NULL != le; le = le->next) | ||
295 | { | ||
296 | GNUNET_assert (NULL != le->credential); | ||
297 | len += GNUNET_RECLAIM_credential_serialize_get_size (le->credential); | ||
298 | len += sizeof(struct GNUNET_RECLAIM_CredentialListEntry); | ||
299 | } | ||
300 | return len; | ||
301 | } | ||
302 | |||
303 | |||
304 | size_t | ||
305 | GNUNET_RECLAIM_credential_list_serialize ( | ||
306 | const struct GNUNET_RECLAIM_CredentialList *credentials, | ||
307 | char *result) | ||
308 | { | ||
309 | struct GNUNET_RECLAIM_CredentialListEntry *le; | ||
310 | size_t len; | ||
311 | size_t total_len; | ||
312 | char *write_ptr; | ||
313 | write_ptr = result; | ||
314 | total_len = 0; | ||
315 | for (le = credentials->list_head; NULL != le; le = le->next) | ||
316 | { | ||
317 | GNUNET_assert (NULL != le->credential); | ||
318 | len = GNUNET_RECLAIM_credential_serialize (le->credential, write_ptr); | ||
319 | total_len += len; | ||
320 | write_ptr += len; | ||
321 | } | ||
322 | return total_len; | ||
323 | } | ||
324 | |||
325 | |||
326 | struct GNUNET_RECLAIM_CredentialList * | ||
327 | GNUNET_RECLAIM_credential_list_deserialize (const char *data, size_t data_size) | ||
328 | { | ||
329 | struct GNUNET_RECLAIM_CredentialList *al; | ||
330 | struct GNUNET_RECLAIM_CredentialListEntry *ale; | ||
331 | size_t att_len; | ||
332 | const char *read_ptr; | ||
333 | |||
334 | al = GNUNET_new (struct GNUNET_RECLAIM_CredentialList); | ||
335 | |||
336 | if ((data_size < sizeof(struct | ||
337 | Credential) | ||
338 | + sizeof(struct GNUNET_RECLAIM_CredentialListEntry))) | ||
339 | return al; | ||
340 | |||
341 | read_ptr = data; | ||
342 | while (((data + data_size) - read_ptr) >= sizeof(struct Credential)) | ||
343 | { | ||
344 | ale = GNUNET_new (struct GNUNET_RECLAIM_CredentialListEntry); | ||
345 | ale->credential = | ||
346 | GNUNET_RECLAIM_credential_deserialize (read_ptr, | ||
347 | data_size - (read_ptr - data)); | ||
348 | if (NULL == ale->credential) | ||
349 | { | ||
350 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
351 | "Failed to deserialize malformed credential.\n"); | ||
352 | GNUNET_free (ale); | ||
353 | return al; | ||
354 | } | ||
355 | GNUNET_CONTAINER_DLL_insert (al->list_head, al->list_tail, ale); | ||
356 | att_len = GNUNET_RECLAIM_credential_serialize_get_size (ale->credential); | ||
357 | read_ptr += att_len; | ||
358 | } | ||
359 | return al; | ||
360 | } | ||
361 | |||
362 | |||
363 | /** | ||
364 | * Make a (deep) copy of the credential list | ||
365 | * @param attrs claim list to copy | ||
366 | * @return copied claim list | ||
367 | */ | ||
368 | struct GNUNET_RECLAIM_CredentialList * | ||
369 | GNUNET_RECLAIM_credential_list_dup ( | ||
370 | const struct GNUNET_RECLAIM_CredentialList *al) | ||
371 | { | ||
372 | struct GNUNET_RECLAIM_CredentialListEntry *ale; | ||
373 | struct GNUNET_RECLAIM_CredentialListEntry *result_ale; | ||
374 | struct GNUNET_RECLAIM_CredentialList *result; | ||
375 | |||
376 | result = GNUNET_new (struct GNUNET_RECLAIM_CredentialList); | ||
377 | for (ale = al->list_head; NULL != ale; ale = ale->next) | ||
378 | { | ||
379 | result_ale = GNUNET_new (struct GNUNET_RECLAIM_CredentialListEntry); | ||
380 | GNUNET_assert (NULL != ale->credential); | ||
381 | result_ale->credential = | ||
382 | GNUNET_RECLAIM_credential_new (ale->credential->name, | ||
383 | ale->credential->type, | ||
384 | ale->credential->data, | ||
385 | ale->credential->data_size); | ||
386 | result_ale->credential->id = ale->credential->id; | ||
387 | GNUNET_CONTAINER_DLL_insert (result->list_head, | ||
388 | result->list_tail, | ||
389 | result_ale); | ||
390 | } | ||
391 | return result; | ||
392 | } | ||
393 | |||
394 | |||
395 | void | ||
396 | GNUNET_RECLAIM_credential_list_destroy ( | ||
397 | struct GNUNET_RECLAIM_CredentialList *credentials) | ||
398 | { | ||
399 | struct GNUNET_RECLAIM_CredentialListEntry *ale; | ||
400 | struct GNUNET_RECLAIM_CredentialListEntry *tmp_ale; | ||
401 | |||
402 | for (ale = credentials->list_head; NULL != ale;) | ||
403 | { | ||
404 | if (NULL != ale->credential) | ||
405 | GNUNET_free (ale->credential); | ||
406 | tmp_ale = ale; | ||
407 | ale = ale->next; | ||
408 | GNUNET_free (tmp_ale); | ||
409 | } | ||
410 | GNUNET_free (credentials); | ||
411 | } | ||
412 | |||
413 | |||
414 | /** | ||
415 | * Get required size for serialization buffer | ||
416 | * | ||
417 | * @param attr the credential to serialize | ||
418 | * @return the required buffer size | ||
419 | */ | ||
420 | size_t | ||
421 | GNUNET_RECLAIM_credential_serialize_get_size ( | ||
422 | const struct GNUNET_RECLAIM_Credential *credential) | ||
423 | { | ||
424 | return sizeof(struct Credential) + strlen (credential->name) | ||
425 | + credential->data_size; | ||
426 | } | ||
427 | |||
428 | |||
429 | size_t | ||
430 | GNUNET_RECLAIM_credential_serialize ( | ||
431 | const struct GNUNET_RECLAIM_Credential *credential, | ||
432 | char *result) | ||
433 | { | ||
434 | size_t data_len_ser; | ||
435 | size_t name_len; | ||
436 | struct Credential *atts; | ||
437 | char *write_ptr; | ||
438 | |||
439 | atts = (struct Credential *) result; | ||
440 | atts->credential_type = htonl (credential->type); | ||
441 | atts->credential_flag = htonl (credential->flag); | ||
442 | atts->credential_id = credential->id; | ||
443 | name_len = strlen (credential->name); | ||
444 | atts->name_len = htons (name_len); | ||
445 | write_ptr = (char *) &atts[1]; | ||
446 | GNUNET_memcpy (write_ptr, credential->name, name_len); | ||
447 | write_ptr += name_len; | ||
448 | // TODO plugin-ize | ||
449 | // data_len_ser = plugin->serialize_attribute_value (attr, | ||
450 | // &attr_ser[1]); | ||
451 | data_len_ser = credential->data_size; | ||
452 | GNUNET_memcpy (write_ptr, credential->data, credential->data_size); | ||
453 | atts->data_size = htons (data_len_ser); | ||
454 | |||
455 | return sizeof(struct Credential) + strlen (credential->name) | ||
456 | + credential->data_size; | ||
457 | } | ||
458 | |||
459 | |||
460 | /** | ||
461 | * Deserialize an credential | ||
462 | * | ||
463 | * @param data the serialized credential | ||
464 | * @param data_size the length of the serialized data | ||
465 | * | ||
466 | * @return a GNUNET_IDENTITY_PROVIDER_Attribute, must be free'd by caller | ||
467 | */ | ||
468 | struct GNUNET_RECLAIM_Credential * | ||
469 | GNUNET_RECLAIM_credential_deserialize (const char *data, size_t data_size) | ||
470 | { | ||
471 | struct GNUNET_RECLAIM_Credential *credential; | ||
472 | struct Credential *atts; | ||
473 | size_t data_len; | ||
474 | size_t name_len; | ||
475 | char *write_ptr; | ||
476 | |||
477 | if (data_size < sizeof(struct Credential)) | ||
478 | return NULL; | ||
479 | |||
480 | atts = (struct Credential *) data; | ||
481 | data_len = ntohs (atts->data_size); | ||
482 | name_len = ntohs (atts->name_len); | ||
483 | if (data_size < sizeof(struct Credential) + data_len + name_len) | ||
484 | { | ||
485 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
486 | "Buffer too small to deserialize\n"); | ||
487 | return NULL; | ||
488 | } | ||
489 | credential = GNUNET_malloc (sizeof(struct GNUNET_RECLAIM_Credential) | ||
490 | + data_len + name_len + 1); | ||
491 | credential->type = ntohl (atts->credential_type); | ||
492 | credential->flag = ntohl (atts->credential_flag); | ||
493 | credential->id = atts->credential_id; | ||
494 | credential->data_size = data_len; | ||
495 | |||
496 | write_ptr = (char *) &credential[1]; | ||
497 | GNUNET_memcpy (write_ptr, &atts[1], name_len); | ||
498 | write_ptr[name_len] = '\0'; | ||
499 | credential->name = write_ptr; | ||
500 | |||
501 | write_ptr += name_len + 1; | ||
502 | GNUNET_memcpy (write_ptr, (char *) &atts[1] + name_len, | ||
503 | credential->data_size); | ||
504 | credential->data = write_ptr; | ||
505 | return credential; | ||
506 | } | ||
507 | |||
508 | |||
509 | struct GNUNET_RECLAIM_AttributeList* | ||
510 | GNUNET_RECLAIM_credential_get_attributes (const struct | ||
511 | GNUNET_RECLAIM_Credential *credential) | ||
512 | { | ||
513 | unsigned int i; | ||
514 | struct Plugin *plugin; | ||
515 | struct GNUNET_RECLAIM_AttributeList *ret; | ||
516 | init (); | ||
517 | for (i = 0; i < num_plugins; i++) | ||
518 | { | ||
519 | plugin = credential_plugins[i]; | ||
520 | if (NULL != | ||
521 | (ret = plugin->api->get_attributes (plugin->api->cls, | ||
522 | credential))) | ||
523 | return ret; | ||
524 | } | ||
525 | return NULL; | ||
526 | } | ||
527 | |||
528 | |||
529 | char* | ||
530 | GNUNET_RECLAIM_credential_get_issuer (const struct | ||
531 | GNUNET_RECLAIM_Credential *credential) | ||
532 | { | ||
533 | unsigned int i; | ||
534 | struct Plugin *plugin; | ||
535 | char *ret; | ||
536 | init (); | ||
537 | for (i = 0; i < num_plugins; i++) | ||
538 | { | ||
539 | plugin = credential_plugins[i]; | ||
540 | if (NULL != | ||
541 | (ret = plugin->api->get_issuer (plugin->api->cls, | ||
542 | credential))) | ||
543 | return ret; | ||
544 | } | ||
545 | return NULL; | ||
546 | } | ||
547 | |||
548 | |||
549 | int | ||
550 | GNUNET_RECLAIM_credential_get_expiration (const struct | ||
551 | GNUNET_RECLAIM_Credential *credential, | ||
552 | struct GNUNET_TIME_Absolute*exp) | ||
553 | { | ||
554 | unsigned int i; | ||
555 | struct Plugin *plugin; | ||
556 | init (); | ||
557 | for (i = 0; i < num_plugins; i++) | ||
558 | { | ||
559 | plugin = credential_plugins[i]; | ||
560 | if (GNUNET_OK != plugin->api->get_expiration (plugin->api->cls, | ||
561 | credential, | ||
562 | exp)) | ||
563 | continue; | ||
564 | return GNUNET_OK; | ||
565 | } | ||
566 | return GNUNET_SYSERR; | ||
567 | } | ||
568 | |||
569 | |||
570 | /** | ||
571 | * Convert an presentation type name to the corresponding number | ||
572 | * | ||
573 | * @param typename name to convert | ||
574 | * @return corresponding number, UINT32_MAX on error | ||
575 | */ | ||
576 | uint32_t | ||
577 | GNUNET_RECLAIM_presentation_typename_to_number (const char *typename) | ||
578 | { | ||
579 | unsigned int i; | ||
580 | struct Plugin *plugin; | ||
581 | uint32_t ret; | ||
582 | init (); | ||
583 | for (i = 0; i < num_plugins; i++) | ||
584 | { | ||
585 | plugin = credential_plugins[i]; | ||
586 | if (UINT32_MAX != | ||
587 | (ret = plugin->api->typename_to_number_p (plugin->api->cls, | ||
588 | typename))) | ||
589 | return ret; | ||
590 | } | ||
591 | return UINT32_MAX; | ||
592 | } | ||
593 | |||
594 | |||
595 | const char * | ||
596 | GNUNET_RECLAIM_presentation_number_to_typename (uint32_t type) | ||
597 | { | ||
598 | unsigned int i; | ||
599 | struct Plugin *plugin; | ||
600 | const char *ret; | ||
601 | |||
602 | init (); | ||
603 | for (i = 0; i < num_plugins; i++) | ||
604 | { | ||
605 | plugin = credential_plugins[i]; | ||
606 | if (NULL != | ||
607 | (ret = plugin->api->number_to_typename_p (plugin->api->cls, type))) | ||
608 | return ret; | ||
609 | } | ||
610 | return NULL; | ||
611 | } | ||
612 | |||
613 | |||
614 | /** | ||
615 | * Convert human-readable version of a 'claim' of an presentation to the binary | ||
616 | * representation | ||
617 | * | ||
618 | * @param type type of the claim | ||
619 | * @param s human-readable string | ||
620 | * @param data set to value in binary encoding (will be allocated) | ||
621 | * @param data_size set to number of bytes in @a data | ||
622 | * @return #GNUNET_OK on success | ||
623 | */ | ||
624 | int | ||
625 | GNUNET_RECLAIM_presentation_string_to_value (uint32_t type, | ||
626 | const char *s, | ||
627 | void **data, | ||
628 | size_t *data_size) | ||
629 | { | ||
630 | unsigned int i; | ||
631 | struct Plugin *plugin; | ||
632 | |||
633 | init (); | ||
634 | for (i = 0; i < num_plugins; i++) | ||
635 | { | ||
636 | plugin = credential_plugins[i]; | ||
637 | if (GNUNET_OK == plugin->api->string_to_value_p (plugin->api->cls, | ||
638 | type, | ||
639 | s, | ||
640 | data, | ||
641 | data_size)) | ||
642 | return GNUNET_OK; | ||
643 | } | ||
644 | return GNUNET_SYSERR; | ||
645 | } | ||
646 | |||
647 | |||
648 | /** | ||
649 | * Convert the 'claim' of an presentation to a string | ||
650 | * | ||
651 | * @param type the type of presentation | ||
652 | * @param data claim in binary encoding | ||
653 | * @param data_size number of bytes in @a data | ||
654 | * @return NULL on error, otherwise human-readable representation of the claim | ||
655 | */ | ||
656 | char * | ||
657 | GNUNET_RECLAIM_presentation_value_to_string (uint32_t type, | ||
658 | const void *data, | ||
659 | size_t data_size) | ||
660 | { | ||
661 | unsigned int i; | ||
662 | struct Plugin *plugin; | ||
663 | char *ret; | ||
664 | |||
665 | init (); | ||
666 | for (i = 0; i < num_plugins; i++) | ||
667 | { | ||
668 | plugin = credential_plugins[i]; | ||
669 | if (NULL != (ret = plugin->api->value_to_string_p (plugin->api->cls, | ||
670 | type, | ||
671 | data, | ||
672 | data_size))) | ||
673 | return ret; | ||
674 | } | ||
675 | return NULL; | ||
676 | } | ||
677 | |||
678 | |||
679 | struct GNUNET_RECLAIM_Presentation * | ||
680 | GNUNET_RECLAIM_presentation_new (uint32_t type, | ||
681 | const void *data, | ||
682 | size_t data_size) | ||
683 | { | ||
684 | struct GNUNET_RECLAIM_Presentation *attr; | ||
685 | char *write_ptr; | ||
686 | |||
687 | attr = GNUNET_malloc (sizeof(struct GNUNET_RECLAIM_Presentation) | ||
688 | + data_size); | ||
689 | attr->type = type; | ||
690 | attr->data_size = data_size; | ||
691 | write_ptr = (char *) &attr[1]; | ||
692 | GNUNET_memcpy (write_ptr, data, data_size); | ||
693 | attr->data = write_ptr; | ||
694 | return attr; | ||
695 | } | ||
696 | |||
697 | |||
698 | /** | ||
699 | * Get required size for serialization buffer | ||
700 | * | ||
701 | * @param attrs the attribute list to serialize | ||
702 | * @return the required buffer size | ||
703 | */ | ||
704 | size_t | ||
705 | GNUNET_RECLAIM_presentation_list_serialize_get_size ( | ||
706 | const struct GNUNET_RECLAIM_PresentationList *presentations) | ||
707 | { | ||
708 | struct GNUNET_RECLAIM_PresentationListEntry *le; | ||
709 | size_t len = 0; | ||
710 | |||
711 | for (le = presentations->list_head; NULL != le; le = le->next) | ||
712 | { | ||
713 | GNUNET_assert (NULL != le->presentation); | ||
714 | len += GNUNET_RECLAIM_presentation_serialize_get_size (le->presentation); | ||
715 | } | ||
716 | return len; | ||
717 | } | ||
718 | |||
719 | |||
720 | size_t | ||
721 | GNUNET_RECLAIM_presentation_list_serialize ( | ||
722 | const struct GNUNET_RECLAIM_PresentationList *presentations, | ||
723 | char *result) | ||
724 | { | ||
725 | struct GNUNET_RECLAIM_PresentationListEntry *le; | ||
726 | size_t len; | ||
727 | size_t total_len; | ||
728 | char *write_ptr; | ||
729 | write_ptr = result; | ||
730 | total_len = 0; | ||
731 | for (le = presentations->list_head; NULL != le; le = le->next) | ||
732 | { | ||
733 | GNUNET_assert (NULL != le->presentation); | ||
734 | len = GNUNET_RECLAIM_presentation_serialize (le->presentation, write_ptr); | ||
735 | total_len += len; | ||
736 | write_ptr += len; | ||
737 | } | ||
738 | return total_len; | ||
739 | } | ||
740 | |||
741 | |||
742 | /** | ||
743 | * Deserialize an presentation list | ||
744 | * | ||
745 | * @param data the serialized attribute list | ||
746 | * @param data_size the length of the serialized data | ||
747 | * @return a GNUNET_IDENTITY_PROVIDER_AttributeList, must be free'd by caller | ||
748 | */ | ||
749 | struct GNUNET_RECLAIM_PresentationList * | ||
750 | GNUNET_RECLAIM_presentation_list_deserialize (const char *data, size_t | ||
751 | data_size) | ||
752 | { | ||
753 | struct GNUNET_RECLAIM_PresentationList *al; | ||
754 | struct GNUNET_RECLAIM_PresentationListEntry *ale; | ||
755 | size_t att_len; | ||
756 | const char *read_ptr; | ||
757 | |||
758 | al = GNUNET_new (struct GNUNET_RECLAIM_PresentationList); | ||
759 | |||
760 | if (data_size < sizeof(struct Presentation)) | ||
761 | return al; | ||
762 | |||
763 | read_ptr = data; | ||
764 | while (((data + data_size) - read_ptr) >= sizeof(struct Presentation)) | ||
765 | { | ||
766 | ale = GNUNET_new (struct GNUNET_RECLAIM_PresentationListEntry); | ||
767 | ale->presentation = | ||
768 | GNUNET_RECLAIM_presentation_deserialize (read_ptr, | ||
769 | data_size - (read_ptr - data)); | ||
770 | if (NULL == ale->presentation) | ||
771 | { | ||
772 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
773 | "Failed to deserialize malformed presentation.\n"); | ||
774 | GNUNET_free (ale); | ||
775 | return al; | ||
776 | } | ||
777 | GNUNET_CONTAINER_DLL_insert (al->list_head, al->list_tail, ale); | ||
778 | att_len = GNUNET_RECLAIM_presentation_serialize_get_size ( | ||
779 | ale->presentation); | ||
780 | read_ptr += att_len; | ||
781 | } | ||
782 | return al; | ||
783 | } | ||
784 | |||
785 | |||
786 | /** | ||
787 | * Make a (deep) copy of the presentation list | ||
788 | * @param attrs claim list to copy | ||
789 | * @return copied claim list | ||
790 | */ | ||
791 | struct GNUNET_RECLAIM_PresentationList * | ||
792 | GNUNET_RECLAIM_presentation_list_dup ( | ||
793 | const struct GNUNET_RECLAIM_PresentationList *al) | ||
794 | { | ||
795 | struct GNUNET_RECLAIM_PresentationListEntry *ale; | ||
796 | struct GNUNET_RECLAIM_PresentationListEntry *result_ale; | ||
797 | struct GNUNET_RECLAIM_PresentationList *result; | ||
798 | |||
799 | result = GNUNET_new (struct GNUNET_RECLAIM_PresentationList); | ||
800 | for (ale = al->list_head; NULL != ale; ale = ale->next) | ||
801 | { | ||
802 | result_ale = GNUNET_new (struct GNUNET_RECLAIM_PresentationListEntry); | ||
803 | GNUNET_assert (NULL != ale->presentation); | ||
804 | result_ale->presentation = | ||
805 | GNUNET_RECLAIM_presentation_new (ale->presentation->type, | ||
806 | ale->presentation->data, | ||
807 | ale->presentation->data_size); | ||
808 | result_ale->presentation->credential_id = ale->presentation->credential_id; | ||
809 | GNUNET_CONTAINER_DLL_insert (result->list_head, | ||
810 | result->list_tail, | ||
811 | result_ale); | ||
812 | } | ||
813 | return result; | ||
814 | } | ||
815 | |||
816 | |||
817 | void | ||
818 | GNUNET_RECLAIM_presentation_list_destroy ( | ||
819 | struct GNUNET_RECLAIM_PresentationList *presentations) | ||
820 | { | ||
821 | struct GNUNET_RECLAIM_PresentationListEntry *ale; | ||
822 | struct GNUNET_RECLAIM_PresentationListEntry *tmp_ale; | ||
823 | |||
824 | for (ale = presentations->list_head; NULL != ale;) | ||
825 | { | ||
826 | if (NULL != ale->presentation) | ||
827 | GNUNET_free (ale->presentation); | ||
828 | tmp_ale = ale; | ||
829 | ale = ale->next; | ||
830 | GNUNET_free (tmp_ale); | ||
831 | } | ||
832 | GNUNET_free (presentations); | ||
833 | } | ||
834 | |||
835 | |||
836 | /** | ||
837 | * Get required size for serialization buffer | ||
838 | * | ||
839 | * @param attr the presentation to serialize | ||
840 | * @return the required buffer size | ||
841 | */ | ||
842 | size_t | ||
843 | GNUNET_RECLAIM_presentation_serialize_get_size ( | ||
844 | const struct GNUNET_RECLAIM_Presentation *presentation) | ||
845 | { | ||
846 | return sizeof(struct Presentation) + presentation->data_size; | ||
847 | } | ||
848 | |||
849 | |||
850 | size_t | ||
851 | GNUNET_RECLAIM_presentation_serialize ( | ||
852 | const struct GNUNET_RECLAIM_Presentation *presentation, | ||
853 | char *result) | ||
854 | { | ||
855 | struct Presentation *atts; | ||
856 | char *write_ptr; | ||
857 | |||
858 | atts = (struct Presentation *) result; | ||
859 | atts->presentation_type = htonl (presentation->type); | ||
860 | atts->credential_id = presentation->credential_id; | ||
861 | write_ptr = (char *) &atts[1]; | ||
862 | GNUNET_memcpy (write_ptr, presentation->data, presentation->data_size); | ||
863 | atts->data_size = htons (presentation->data_size); | ||
864 | |||
865 | return sizeof(struct Presentation) + presentation->data_size; | ||
866 | } | ||
867 | |||
868 | |||
869 | /** | ||
870 | * Deserialize an presentation | ||
871 | * | ||
872 | * @param data the serialized presentation | ||
873 | * @param data_size the length of the serialized data | ||
874 | * | ||
875 | * @return a GNUNET_IDENTITY_PROVIDER_Attribute, must be free'd by caller | ||
876 | */ | ||
877 | struct GNUNET_RECLAIM_Presentation * | ||
878 | GNUNET_RECLAIM_presentation_deserialize (const char *data, size_t data_size) | ||
879 | { | ||
880 | struct GNUNET_RECLAIM_Presentation *presentation; | ||
881 | struct Presentation *atts; | ||
882 | size_t data_len; | ||
883 | char *write_ptr; | ||
884 | |||
885 | if (data_size < sizeof(struct Presentation)) | ||
886 | return NULL; | ||
887 | |||
888 | atts = (struct Presentation *) data; | ||
889 | data_len = ntohs (atts->data_size); | ||
890 | if (data_size < sizeof(struct Presentation) + data_len) | ||
891 | { | ||
892 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
893 | "Buffer too small to deserialize\n"); | ||
894 | return NULL; | ||
895 | } | ||
896 | presentation = GNUNET_malloc (sizeof(struct GNUNET_RECLAIM_Presentation) | ||
897 | + data_len); | ||
898 | presentation->type = ntohl (atts->presentation_type); | ||
899 | presentation->credential_id = atts->credential_id; | ||
900 | presentation->data_size = data_len; | ||
901 | |||
902 | write_ptr = (char *) &presentation[1]; | ||
903 | GNUNET_memcpy (write_ptr, &atts[1], data_len); | ||
904 | presentation->data = write_ptr; | ||
905 | return presentation; | ||
906 | } | ||
907 | |||
908 | |||
909 | struct GNUNET_RECLAIM_AttributeList* | ||
910 | GNUNET_RECLAIM_presentation_get_attributes (const struct | ||
911 | GNUNET_RECLAIM_Presentation * | ||
912 | presentation) | ||
913 | { | ||
914 | unsigned int i; | ||
915 | struct Plugin *plugin; | ||
916 | struct GNUNET_RECLAIM_AttributeList *ret; | ||
917 | init (); | ||
918 | for (i = 0; i < num_plugins; i++) | ||
919 | { | ||
920 | plugin = credential_plugins[i]; | ||
921 | if (NULL != | ||
922 | (ret = plugin->api->get_attributes_p (plugin->api->cls, | ||
923 | presentation))) | ||
924 | return ret; | ||
925 | } | ||
926 | return NULL; | ||
927 | } | ||
928 | |||
929 | |||
930 | char* | ||
931 | GNUNET_RECLAIM_presentation_get_issuer (const struct | ||
932 | GNUNET_RECLAIM_Presentation * | ||
933 | presentation) | ||
934 | { | ||
935 | unsigned int i; | ||
936 | struct Plugin *plugin; | ||
937 | char *ret; | ||
938 | init (); | ||
939 | for (i = 0; i < num_plugins; i++) | ||
940 | { | ||
941 | plugin = credential_plugins[i]; | ||
942 | if (NULL != | ||
943 | (ret = plugin->api->get_issuer_p (plugin->api->cls, | ||
944 | presentation))) | ||
945 | return ret; | ||
946 | } | ||
947 | return NULL; | ||
948 | } | ||
949 | |||
950 | |||
951 | int | ||
952 | GNUNET_RECLAIM_presentation_get_expiration (const struct | ||
953 | GNUNET_RECLAIM_Presentation * | ||
954 | presentation, | ||
955 | struct GNUNET_TIME_Absolute*exp) | ||
956 | { | ||
957 | unsigned int i; | ||
958 | struct Plugin *plugin; | ||
959 | init (); | ||
960 | for (i = 0; i < num_plugins; i++) | ||
961 | { | ||
962 | plugin = credential_plugins[i]; | ||
963 | if (GNUNET_OK != plugin->api->get_expiration_p (plugin->api->cls, | ||
964 | presentation, | ||
965 | exp)) | ||
966 | continue; | ||
967 | return GNUNET_OK; | ||
968 | } | ||
969 | return GNUNET_SYSERR; | ||
970 | } | ||
971 | |||
972 | |||
973 | /** | ||
974 | * Create a presentation from a credential and a lift of (selected) | ||
975 | * attributes in the credential. | ||
976 | * | ||
977 | * @param cred the credential to use | ||
978 | * @param attrs the attributes to present from the credential | ||
979 | * @return the credential presentation presenting the attributes according | ||
980 | * to the presentation mechanism of the credential | ||
981 | * or NULL on error. | ||
982 | */ | ||
983 | int | ||
984 | GNUNET_RECLAIM_credential_get_presentation ( | ||
985 | const struct GNUNET_RECLAIM_Credential *cred, | ||
986 | const struct GNUNET_RECLAIM_AttributeList *attrs, | ||
987 | struct GNUNET_RECLAIM_Presentation **presentation) | ||
988 | { | ||
989 | unsigned int i; | ||
990 | struct Plugin *plugin; | ||
991 | init (); | ||
992 | for (i = 0; i < num_plugins; i++) | ||
993 | { | ||
994 | plugin = credential_plugins[i]; | ||
995 | if (GNUNET_OK != plugin->api->create_presentation (plugin->api->cls, | ||
996 | cred, | ||
997 | attrs, | ||
998 | presentation)) | ||
999 | continue; | ||
1000 | (*presentation)->credential_id = cred->id; | ||
1001 | return GNUNET_OK; | ||
1002 | } | ||
1003 | return GNUNET_SYSERR; | ||
1004 | } | ||
diff --git a/src/reclaim/reclaim_credential.h b/src/reclaim/reclaim_credential.h deleted file mode 100644 index ffec15445..000000000 --- a/src/reclaim/reclaim_credential.h +++ /dev/null | |||
@@ -1,119 +0,0 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet. | ||
3 | Copyright (C) 2012-2015 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software: you can redistribute it and/or modify it | ||
6 | under the terms of the GNU Affero General Public License as published | ||
7 | by the Free Software Foundation, either version 3 of the License, | ||
8 | or (at your option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | Affero General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU Affero General Public License | ||
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
17 | |||
18 | SPDX-License-Identifier: AGPL3.0-or-later | ||
19 | */ | ||
20 | /** | ||
21 | * @author Martin Schanzenbach | ||
22 | * @file reclaim/reclaim_credential.h | ||
23 | * @brief GNUnet reclaim identity attribute credentials | ||
24 | * | ||
25 | */ | ||
26 | #ifndef RECLAIM_CREDENTIAL_H | ||
27 | #define RECLAIM_CREDENTIAL_H | ||
28 | |||
29 | #include "gnunet_reclaim_service.h" | ||
30 | |||
31 | /** | ||
32 | * Serialized credential claim | ||
33 | */ | ||
34 | struct Credential | ||
35 | { | ||
36 | /** | ||
37 | * Credential type | ||
38 | */ | ||
39 | uint32_t credential_type; | ||
40 | |||
41 | /** | ||
42 | * Credential flag | ||
43 | */ | ||
44 | uint32_t credential_flag; | ||
45 | |||
46 | /** | ||
47 | * Credential ID | ||
48 | */ | ||
49 | struct GNUNET_RECLAIM_Identifier credential_id; | ||
50 | |||
51 | /** | ||
52 | * Reserved (alignment) | ||
53 | */ | ||
54 | uint16_t nl_reserved; | ||
55 | |||
56 | /** | ||
57 | * Name length | ||
58 | */ | ||
59 | uint16_t name_len; | ||
60 | |||
61 | /** | ||
62 | * Reserved (alignment) | ||
63 | */ | ||
64 | uint16_t dl_reserved; | ||
65 | |||
66 | /** | ||
67 | * Data size | ||
68 | */ | ||
69 | uint16_t data_size; | ||
70 | |||
71 | // followed by data_size Credential value data | ||
72 | }; | ||
73 | |||
74 | |||
75 | /** | ||
76 | * Serialized presentation claim | ||
77 | */ | ||
78 | struct Presentation | ||
79 | { | ||
80 | /** | ||
81 | * Presentation type | ||
82 | */ | ||
83 | uint32_t presentation_type; | ||
84 | |||
85 | /** | ||
86 | * Presentation flag | ||
87 | */ | ||
88 | uint32_t presentation_flag; | ||
89 | |||
90 | /** | ||
91 | * Credential ID | ||
92 | */ | ||
93 | struct GNUNET_RECLAIM_Identifier credential_id; | ||
94 | |||
95 | /** | ||
96 | * Reserved (alignment) | ||
97 | */ | ||
98 | uint16_t reserved_nl GNUNET_PACKED; | ||
99 | |||
100 | /** | ||
101 | * Name length | ||
102 | */ | ||
103 | uint16_t name_len GNUNET_PACKED; | ||
104 | |||
105 | /** | ||
106 | * Reserved (alignment) | ||
107 | */ | ||
108 | uint16_t reserved_ds GNUNET_PACKED; | ||
109 | |||
110 | /** | ||
111 | * Data size | ||
112 | */ | ||
113 | uint16_t data_size GNUNET_PACKED; | ||
114 | |||
115 | // followed by data_size Presentation value data | ||
116 | }; | ||
117 | |||
118 | |||
119 | #endif | ||
diff --git a/src/reclaim/test_did_helper.c b/src/reclaim/test_did_helper.c deleted file mode 100644 index c11f47540..000000000 --- a/src/reclaim/test_did_helper.c +++ /dev/null | |||
@@ -1,137 +0,0 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet | ||
3 | Copyright (C) 2010-2015 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software: you can redistribute it and/or modify it | ||
6 | under the terms of the GNU Affero General Public License as published | ||
7 | by the Free Software Foundation, either version 3 of the License, | ||
8 | or (at your option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | Affero General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU Affero General Public License | ||
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
17 | |||
18 | SPDX-License-Identifier: AGPL3.0-or-later | ||
19 | */ | ||
20 | |||
21 | /** | ||
22 | * @file reclaim/test_did_helper.c | ||
23 | * @brief Unit tests for the helper library for DID related functions | ||
24 | * @author Tristan Schwieren | ||
25 | */ | ||
26 | |||
27 | #include "platform.h" | ||
28 | #include "gnunet_util_lib.h" | ||
29 | #include "gnunet_namestore_service.h" | ||
30 | #include "gnunet_gns_service.h" | ||
31 | #include "gnunet_gnsrecord_lib.h" | ||
32 | #include "did_helper.h" | ||
33 | #include "jansson.h" | ||
34 | |||
35 | static const char test_skey_bytes[32] = { | ||
36 | 0x9b, 0x93, 0x7b, 0x81, 0x32, 0x2d, 0x81, 0x6c, | ||
37 | 0xfa, 0xb9, 0xd5, 0xa3, 0xba, 0xac, 0xc9, 0xb2, | ||
38 | 0xa5, 0xfe, 0xbe, 0x4b, 0x14, 0x9f, 0x12, 0x6b, | ||
39 | 0x36, 0x30, 0xf9, 0x3a, 0x29, 0x52, 0x70, 0x17 | ||
40 | }; | ||
41 | |||
42 | // TODO: Create a did manual from private key / independet of implementation | ||
43 | static const char *test_did = | ||
44 | "did:gns:000G0509BYD1MPAXVSTNV0KRD1JAT0YZMPJFQNM869B66S72PSF17K4Y8G"; | ||
45 | |||
46 | static const char *test_multibase_key = | ||
47 | "u7QEJX5oaWV3edV2CeGhkrQPfpaT71ogyVmNk4rZeE8yeRA"; | ||
48 | |||
49 | static const char *test_did_document_format_str = | ||
50 | "{\"@context\":[\"https://www.w3.org/ns/did/v1\",\ | ||
51 | \"https://w3id.org/security/suites/ed25519-2020/v1\"],\ | ||
52 | \"id\":\"%s\",\ | ||
53 | \"verificationMethod\":[{\ | ||
54 | \"id\":\"%s#key-1\",\ | ||
55 | \"type\":\"Ed25519VerificationKey2020\",\ | ||
56 | \"controller\":\"%s\",\ | ||
57 | \"publicKeyMultibase\":\"%s\"}],\ | ||
58 | \"authentication\":[\"#key-1\"],\ | ||
59 | \"assertionMethod\":[\"#key-1\"]}"; | ||
60 | |||
61 | static struct GNUNET_CRYPTO_PrivateKey test_skey; | ||
62 | static struct GNUNET_CRYPTO_PublicKey test_pkey; | ||
63 | static struct json_t *test_did_document; | ||
64 | static char *test_did_document_str; | ||
65 | |||
66 | void | ||
67 | test_GNUNET_DID_pkey_to_did () | ||
68 | { | ||
69 | char *str_did; | ||
70 | str_did = DID_pkey_to_did (&test_pkey); | ||
71 | GNUNET_assert (strcmp ((char *) test_did, str_did) == 0); | ||
72 | GNUNET_free (str_did); | ||
73 | } | ||
74 | |||
75 | void | ||
76 | test_GNUNET_DID_did_to_pkey () | ||
77 | { | ||
78 | struct GNUNET_CRYPTO_PublicKey pkey; | ||
79 | DID_did_to_pkey ((char *) test_did, &pkey); | ||
80 | |||
81 | GNUNET_assert (test_pkey.type = pkey.type); | ||
82 | GNUNET_assert (memcmp (&pkey.eddsa_key, | ||
83 | &test_pkey.eddsa_key, | ||
84 | sizeof (test_pkey.eddsa_key)) == 0); | ||
85 | } | ||
86 | |||
87 | // void | ||
88 | // test_GNUNET_DID_key_convert_multibase_base64_to_gnunet (); | ||
89 | |||
90 | void | ||
91 | test_GNUNET_DID_key_convert_gnunet_to_multibase_base64 () | ||
92 | { | ||
93 | char *multibase_key; | ||
94 | multibase_key = DID_key_convert_gnunet_to_multibase_base64 (&test_pkey); | ||
95 | |||
96 | GNUNET_assert (strcmp (test_multibase_key, multibase_key) == 0); | ||
97 | GNUNET_free (multibase_key); | ||
98 | } | ||
99 | |||
100 | void | ||
101 | test_GNUNET_DID_pkey_to_did_document () | ||
102 | { | ||
103 | struct json_t *did_document; | ||
104 | char *did_document_str = DID_pkey_to_did_document (&test_pkey); | ||
105 | did_document = json_loads (did_document_str, JSON_DECODE_ANY, NULL); | ||
106 | GNUNET_assert (json_equal (test_did_document, did_document) == 1); | ||
107 | json_decref (did_document); | ||
108 | GNUNET_free (did_document_str); | ||
109 | } | ||
110 | |||
111 | int | ||
112 | main () | ||
113 | { | ||
114 | // Setup key | ||
115 | test_skey.type = htonl (GNUNET_PUBLIC_KEY_TYPE_EDDSA); | ||
116 | memcpy (&(test_skey.eddsa_key), | ||
117 | test_skey_bytes, | ||
118 | sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey)); | ||
119 | GNUNET_CRYPTO_key_get_public (&test_skey, &test_pkey); | ||
120 | |||
121 | // Setup did document | ||
122 | GNUNET_asprintf (&test_did_document_str, | ||
123 | test_did_document_format_str, | ||
124 | test_did, | ||
125 | test_did, | ||
126 | test_did, | ||
127 | test_multibase_key); | ||
128 | test_did_document = json_loads (test_did_document_str, JSON_DECODE_ANY, NULL); | ||
129 | |||
130 | // Do tests | ||
131 | test_GNUNET_DID_pkey_to_did (); | ||
132 | test_GNUNET_DID_did_to_pkey (); | ||
133 | test_GNUNET_DID_pkey_to_did_document (); | ||
134 | test_GNUNET_DID_key_convert_gnunet_to_multibase_base64 (); | ||
135 | json_decref (test_did_document); | ||
136 | return 0; | ||
137 | } | ||
diff --git a/src/reclaim/test_reclaim.conf b/src/reclaim/test_reclaim.conf deleted file mode 100644 index faa195ae1..000000000 --- a/src/reclaim/test_reclaim.conf +++ /dev/null | |||
@@ -1,38 +0,0 @@ | |||
1 | @INLINE@ test_reclaim_defaults.conf | ||
2 | |||
3 | [PATHS] | ||
4 | GNUNET_TEST_HOME = $GNUNET_TMP/test-gnunet-reclaim-peer-1/ | ||
5 | |||
6 | [dht] | ||
7 | START_ON_DEMAND = YES | ||
8 | |||
9 | [rest] | ||
10 | START_ON_DEMAND = YES | ||
11 | PREFIX = valgrind --leak-check=full --track-origins=yes --log-file=$GNUNET_TMP/restlog | ||
12 | |||
13 | [transport] | ||
14 | PLUGINS = | ||
15 | |||
16 | [zonemaster] | ||
17 | START_ON_DEMAND = YES | ||
18 | IMMEDIATE_START = YES | ||
19 | |||
20 | [reclaim] | ||
21 | START_ON_DEMAND = YES | ||
22 | TICKET_REFRESH_INTERVAL = 1 h | ||
23 | #PREFIX = valgrind --leak-check=full --show-leak-kinds=all --track-origins=yes --log-file=$GNUNET_TMP/idplog | ||
24 | |||
25 | [gns] | ||
26 | #PREFIX = valgrind --leak-check=full --track-origins=yes | ||
27 | START_ON_DEMAND = YES | ||
28 | AUTO_IMPORT_PKEY = YES | ||
29 | MAX_PARALLEL_BACKGROUND_QUERIES = 10 | ||
30 | DEFAULT_LOOKUP_TIMEOUT = 15 s | ||
31 | RECORD_PUT_INTERVAL = 1 h | ||
32 | ZONE_PUBLISH_TIME_WINDOW = 1 h | ||
33 | DNS_ROOT=PD67SGHF3E0447TU9HADIVU9OM7V4QHTOG0EBU69TFRI2LG63DR0 | ||
34 | |||
35 | [reclaim-rest-plugin] | ||
36 | address = http://localhost:8000/#/login | ||
37 | psw = mysupersecretpassword | ||
38 | expiration_time = 3600 | ||
diff --git a/src/reclaim/test_reclaim.sh b/src/reclaim/test_reclaim.sh deleted file mode 100755 index da93b10f7..000000000 --- a/src/reclaim/test_reclaim.sh +++ /dev/null | |||
@@ -1,31 +0,0 @@ | |||
1 | #!/bin/sh | ||
2 | #trap "gnunet-arm -e -c test_reclaim_lookup.conf" SIGINT | ||
3 | |||
4 | LOCATION=$(which gnunet-config) | ||
5 | if [ -z $LOCATION ] | ||
6 | then | ||
7 | LOCATION="gnunet-config" | ||
8 | fi | ||
9 | $LOCATION --version 1> /dev/null | ||
10 | if test $? != 0 | ||
11 | then | ||
12 | echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX" | ||
13 | exit 77 | ||
14 | fi | ||
15 | |||
16 | rm -rf `gnunet-config -c test_reclaim.conf -s PATHS -o GNUNET_HOME -f` | ||
17 | |||
18 | # (1) PKEY1.user -> PKEY2.resu.user | ||
19 | # (2) PKEY2.resu -> PKEY3 | ||
20 | # (3) PKEY3.user -> PKEY4 | ||
21 | |||
22 | |||
23 | which timeout > /dev/null 2>&1 && DO_TIMEOUT="timeout 30" | ||
24 | |||
25 | TEST_ATTR="test" | ||
26 | gnunet-arm -s -c test_reclaim.conf | ||
27 | gnunet-identity -C testego -c test_reclaim.conf | ||
28 | valgrind gnunet-reclaim -e testego -a email -V john@doe.gnu -c test_reclaim.conf | ||
29 | gnunet-reclaim -e testego -a name -V John -c test_reclaim.conf | ||
30 | gnunet-reclaim -e testego -D -c test_reclaim.conf | ||
31 | gnunet-arm -e -c test_reclaim.conf | ||
diff --git a/src/reclaim/test_reclaim_attribute.c b/src/reclaim/test_reclaim_attribute.c deleted file mode 100644 index acbcda62d..000000000 --- a/src/reclaim/test_reclaim_attribute.c +++ /dev/null | |||
@@ -1,49 +0,0 @@ | |||
1 | #include "platform.h" | ||
2 | #include "gnunet_common.h" | ||
3 | #include "gnunet_reclaim_lib.h" | ||
4 | |||
5 | int | ||
6 | main (int argc, char *argv[]) | ||
7 | { | ||
8 | struct GNUNET_RECLAIM_AttributeList *al; | ||
9 | struct GNUNET_RECLAIM_AttributeList *al_two; | ||
10 | struct GNUNET_RECLAIM_AttributeListEntry *ale; | ||
11 | char attrname[100]; | ||
12 | char attrdata[100]; | ||
13 | size_t ser_len_claimed; | ||
14 | size_t ser_len_actual; | ||
15 | char *ser_data; | ||
16 | int count = 0; | ||
17 | |||
18 | al = GNUNET_new (struct GNUNET_RECLAIM_AttributeList); | ||
19 | for (int i = 0; i < 12; i++) | ||
20 | { | ||
21 | memset (attrname, 0, 100); | ||
22 | memset (attrdata, 0, 100); | ||
23 | sprintf (attrname, "attr%d", i); | ||
24 | sprintf (attrdata, "%d", i); | ||
25 | ale = GNUNET_new (struct GNUNET_RECLAIM_AttributeListEntry); | ||
26 | ale->attribute = GNUNET_RECLAIM_attribute_new (attrname, | ||
27 | &GNUNET_RECLAIM_ID_ZERO, | ||
28 | GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING, | ||
29 | attrdata, | ||
30 | strlen (attrdata)); | ||
31 | GNUNET_CONTAINER_DLL_insert (al->list_head, | ||
32 | al->list_tail, | ||
33 | ale); | ||
34 | } | ||
35 | ser_len_claimed = GNUNET_RECLAIM_attribute_list_serialize_get_size (al); | ||
36 | ser_data = GNUNET_malloc (ser_len_claimed); | ||
37 | ser_len_actual = GNUNET_RECLAIM_attribute_list_serialize (al, | ||
38 | ser_data); | ||
39 | GNUNET_assert (ser_len_claimed == ser_len_actual); | ||
40 | al_two = GNUNET_RECLAIM_attribute_list_deserialize (ser_data, | ||
41 | ser_len_actual); | ||
42 | for (ale = al_two->list_head; NULL != ale; ale = ale->next) | ||
43 | count++; | ||
44 | GNUNET_assert (12 == count); | ||
45 | //GNUNET_assert (-1 != deser_len); | ||
46 | GNUNET_free (ser_data); | ||
47 | GNUNET_RECLAIM_attribute_list_destroy (al); | ||
48 | GNUNET_RECLAIM_attribute_list_destroy (al_two); | ||
49 | } | ||
diff --git a/src/reclaim/test_reclaim_attribute.sh b/src/reclaim/test_reclaim_attribute.sh deleted file mode 100755 index 17f7863d4..000000000 --- a/src/reclaim/test_reclaim_attribute.sh +++ /dev/null | |||
@@ -1,40 +0,0 @@ | |||
1 | #!/bin/bash | ||
2 | trap "gnunet-arm -e -c test_reclaim.conf" SIGINT | ||
3 | |||
4 | LOCATION=$(which gnunet-config) | ||
5 | if [ -z $LOCATION ] | ||
6 | then | ||
7 | LOCATION="gnunet-config" | ||
8 | fi | ||
9 | $LOCATION --version 1> /dev/null | ||
10 | if test $? != 0 | ||
11 | then | ||
12 | echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX" | ||
13 | exit 77 | ||
14 | fi | ||
15 | |||
16 | rm -rf `gnunet-config -c test_reclaim.conf -s PATHS -o GNUNET_HOME -f` | ||
17 | |||
18 | # (1) PKEY1.user -> PKEY2.resu.user | ||
19 | # (2) PKEY2.resu -> PKEY3 | ||
20 | # (3) PKEY3.user -> PKEY4 | ||
21 | |||
22 | |||
23 | which timeout &> /dev/null && DO_TIMEOUT="timeout 30" | ||
24 | |||
25 | TEST_ATTR="test" | ||
26 | gnunet-arm -s -c test_reclaim.conf | ||
27 | #gnunet-arm -i rest -c test_reclaim.conf | ||
28 | gnunet-identity -C testego -c test_reclaim.conf | ||
29 | gnunet-identity -C rpego -c test_reclaim.conf | ||
30 | TEST_KEY=$(gnunet-identity -d -e testego -q -c test_reclaim.conf) | ||
31 | gnunet-reclaim -e testego -a email -V john@doe.gnu -c test_reclaim.conf | ||
32 | gnunet-reclaim -e testego -a name -V John -c test_reclaim.conf | ||
33 | if test $? != 0 | ||
34 | then | ||
35 | echo "Failed." | ||
36 | exit 1 | ||
37 | fi | ||
38 | |||
39 | #curl localhost:7776/reclaim/attributes/testego | ||
40 | gnunet-arm -e -c test_reclaim.conf | ||
diff --git a/src/reclaim/test_reclaim_consume.sh b/src/reclaim/test_reclaim_consume.sh deleted file mode 100755 index 8a88136c6..000000000 --- a/src/reclaim/test_reclaim_consume.sh +++ /dev/null | |||
@@ -1,49 +0,0 @@ | |||
1 | #!/bin/bash | ||
2 | trap "gnunet-arm -e -c test_reclaim.conf" SIGINT | ||
3 | |||
4 | LOCATION=$(which gnunet-config) | ||
5 | if [ -z $LOCATION ] | ||
6 | then | ||
7 | LOCATION="gnunet-config" | ||
8 | fi | ||
9 | $LOCATION --version 1>/dev/null | ||
10 | if test $? != 0 | ||
11 | then | ||
12 | echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX" | ||
13 | exit 77 | ||
14 | fi | ||
15 | |||
16 | rm -rf `gnunet-config -c test_reclaim.conf -s PATHS -o GNUNET_HOME -f` | ||
17 | |||
18 | # (1) PKEY1.user -> PKEY2.resu.user | ||
19 | # (2) PKEY2.resu -> PKEY3 | ||
20 | # (3) PKEY3.user -> PKEY4 | ||
21 | |||
22 | |||
23 | which timeout >/dev/null 2>&1 && DO_TIMEOUT="timeout 30" | ||
24 | |||
25 | TEST_ATTR="test" | ||
26 | gnunet-arm -s -c test_reclaim.conf | ||
27 | #gnunet-arm -i rest -c test_reclaim.conf | ||
28 | gnunet-arm -I | ||
29 | gnunet-identity -C testego -c test_reclaim.conf | ||
30 | gnunet-identity -C rpego -c test_reclaim.conf | ||
31 | SUBJECT_KEY=$(gnunet-identity -d -e rpego -q -c test_reclaim.conf) | ||
32 | TEST_KEY=$(gnunet-identity -d -e testego -q -c test_reclaim.conf) | ||
33 | gnunet-reclaim -e testego -a email -V john@doe.gnu -c test_reclaim.conf | ||
34 | gnunet-reclaim -e testego -a name -V John -c test_reclaim.conf | ||
35 | TICKET=$(gnunet-reclaim -e testego -i "email,name" -r $SUBJECT_KEY -c test_reclaim.conf | awk '{print $1}') | ||
36 | gnunet-namestore -z testego -D -c test_reclaim.conf | ||
37 | gnunet-identity -d -c test_reclaim.conf | ||
38 | sleep 1 | ||
39 | gnunet-reclaim -e rpego -C $TICKET -c test_reclaim.conf | ||
40 | |||
41 | RES=$? | ||
42 | gnunet-identity -D testego -c test_reclaim.conf | ||
43 | gnunet-identity -D rpego -c test_reclaim.conf | ||
44 | gnunet-arm -e -c test_reclaim.conf | ||
45 | if test $RES != 0 | ||
46 | then | ||
47 | echo "Failed." | ||
48 | fi | ||
49 | |||
diff --git a/src/reclaim/test_reclaim_defaults.conf b/src/reclaim/test_reclaim_defaults.conf deleted file mode 100644 index a9a197dea..000000000 --- a/src/reclaim/test_reclaim_defaults.conf +++ /dev/null | |||
@@ -1,24 +0,0 @@ | |||
1 | @INLINE@ ../../contrib/conf/gnunet/no_forcestart.conf | ||
2 | |||
3 | [PATHS] | ||
4 | GNUNET_TEST_HOME = $GNUNET_TMP/test-gnunet-idp-testing/ | ||
5 | |||
6 | [namestore-sqlite] | ||
7 | FILENAME = $GNUNET_TEST_HOME/namestore/sqlite_test.db | ||
8 | |||
9 | [namecache-sqlite] | ||
10 | FILENAME=$GNUNET_TEST_HOME/namecache/namecache.db | ||
11 | |||
12 | [identity] | ||
13 | # Directory where we store information about our egos | ||
14 | EGODIR = $GNUNET_TEST_HOME/identity/egos/ | ||
15 | |||
16 | [dhtcache] | ||
17 | DATABASE = heap | ||
18 | |||
19 | [transport] | ||
20 | PLUGINS = tcp | ||
21 | |||
22 | [transport-tcp] | ||
23 | BINDTO = 127.0.0.1 | ||
24 | |||
diff --git a/src/reclaim/test_reclaim_issue.sh b/src/reclaim/test_reclaim_issue.sh deleted file mode 100755 index 63140e54c..000000000 --- a/src/reclaim/test_reclaim_issue.sh +++ /dev/null | |||
@@ -1,42 +0,0 @@ | |||
1 | #!/bin/bash | ||
2 | trap "gnunet-arm -e -c test_reclaim.conf" SIGINT | ||
3 | |||
4 | LOCATION=$(which gnunet-config) | ||
5 | if [ -z $LOCATION ] | ||
6 | then | ||
7 | LOCATION="gnunet-config" | ||
8 | fi | ||
9 | $LOCATION --version 1> /dev/null | ||
10 | if test $? != 0 | ||
11 | then | ||
12 | echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX" | ||
13 | exit 77 | ||
14 | fi | ||
15 | |||
16 | rm -rf `gnunet-config -c test_reclaim.conf -s PATHS -o GNUNET_HOME -f` | ||
17 | |||
18 | # (1) PKEY1.user -> PKEY2.resu.user | ||
19 | # (2) PKEY2.resu -> PKEY3 | ||
20 | # (3) PKEY3.user -> PKEY4 | ||
21 | |||
22 | |||
23 | which timeout >/dev/null 2>&1 && DO_TIMEOUT="timeout 30" | ||
24 | |||
25 | TEST_ATTR="test" | ||
26 | gnunet-arm -s -c test_reclaim.conf | ||
27 | #gnunet-arm -i rest -c test_reclaim.conf | ||
28 | gnunet-identity -C testego -c test_reclaim.conf | ||
29 | gnunet-identity -C rpego -c test_reclaim.conf | ||
30 | SUBJECT_KEY=$(gnunet-identity -d -e rpego -q -c test_reclaim.conf) | ||
31 | TEST_KEY=$(gnunet-identity -d -e testego -q -c test_reclaim.conf) | ||
32 | gnunet-reclaim -e testego -a email -V john@doe.gnu -c test_reclaim.conf | ||
33 | gnunet-reclaim -e testego -a name -V John -c test_reclaim.conf | ||
34 | #gnunet-reclaim -e testego -D -c test_reclaim.conf | ||
35 | gnunet-reclaim -e testego -i "email,name" -r $SUBJECT_KEY -c test_reclaim.conf > /dev/null 2>&1 | ||
36 | if test $? != 0 | ||
37 | then | ||
38 | echo "Failed." | ||
39 | exit 1 | ||
40 | fi | ||
41 | #curl http://localhost:7776/reclaim/attributes/testego | ||
42 | gnunet-arm -e -c test_reclaim.conf | ||
diff --git a/src/reclaim/test_reclaim_revoke.sh b/src/reclaim/test_reclaim_revoke.sh deleted file mode 100755 index da091a1ee..000000000 --- a/src/reclaim/test_reclaim_revoke.sh +++ /dev/null | |||
@@ -1,65 +0,0 @@ | |||
1 | #!/bin/bash | ||
2 | trap "gnunet-arm -e -c test_reclaim.conf" SIGINT | ||
3 | |||
4 | LOCATION=$(which gnunet-config) | ||
5 | if [ -z $LOCATION ] | ||
6 | then | ||
7 | LOCATION="gnunet-config" | ||
8 | fi | ||
9 | $LOCATION --version 1> /dev/null | ||
10 | if test $? != 0 | ||
11 | then | ||
12 | echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX" | ||
13 | exit 77 | ||
14 | fi | ||
15 | |||
16 | rm -rf `gnunet-config -c test_reclaim.conf -s PATHS -o GNUNET_HOME -f` | ||
17 | |||
18 | # (1) PKEY1.user -> PKEY2.resu.user | ||
19 | # (2) PKEY2.resu -> PKEY3 | ||
20 | # (3) PKEY3.user -> PKEY4 | ||
21 | |||
22 | |||
23 | which timeout >/dev/null 2&>1 && DO_TIMEOUT="timeout 30" | ||
24 | |||
25 | TEST_ATTR="test" | ||
26 | gnunet-arm -s -c test_reclaim.conf >/dev/null 2&>1 | ||
27 | gnunet-identity -C alice -c test_reclaim.conf | ||
28 | gnunet-identity -C bob -c test_reclaim.conf | ||
29 | gnunet-identity -C eve -c test_reclaim.conf | ||
30 | ALICE_KEY=$(gnunet-identity -d -e alice -q -c test_reclaim.conf) | ||
31 | BOB_KEY=$(gnunet-identity -d -e bob -q -c test_reclaim.conf) | ||
32 | EVE_KEY=$(gnunet-identity -d -e eve -q -c test_reclaim.conf) | ||
33 | gnunet-reclaim -e alice -E 15s -a email -V john@doe.gnu -c test_reclaim.conf | ||
34 | gnunet-reclaim -e alice -E 15s -a name -V John -c test_reclaim.conf | ||
35 | TICKET_BOB=$(gnunet-reclaim -e alice -i "email,name" -r $BOB_KEY -c test_reclaim.conf | awk '{print $1}') | ||
36 | #gnunet-reclaim -e bob -C $TICKET_BOB -c test_reclaim.conf | ||
37 | TICKET_EVE=$(gnunet-reclaim -e alice -i "email" -r $EVE_KEY -c test_reclaim.conf | awk '{print $1}') | ||
38 | gnunet-namestore -z alice -D | ||
39 | echo "Revoking $TICKET" | ||
40 | gnunet-reclaim -e alice -R $TICKET_EVE -c test_reclaim.conf | ||
41 | gnunet-namestore -z alice -D | ||
42 | sleep 16 | ||
43 | echo "Consuming $TICKET" | ||
44 | |||
45 | gnunet-reclaim -e eve -C $TICKET_EVE -c test_reclaim.conf | ||
46 | if test $? = 0 | ||
47 | then | ||
48 | echo "Eve can still resolve attributes..." | ||
49 | gnunet-arm -e -c test_reclaim.conf | ||
50 | exit 1 | ||
51 | fi | ||
52 | |||
53 | gnunet-arm -e -c test_reclaim.conf | ||
54 | gnunet-arm -s -c test_reclaim.conf >/dev/null 2&>1 | ||
55 | |||
56 | gnunet-reclaim -e bob -C $TICKET_BOB -c test_reclaim.conf | ||
57 | #gnunet-reclaim -e bob -C $TICKET_BOB -c test_reclaim.conf >/dev/null 2&>1 | ||
58 | if test $? != 0 | ||
59 | then | ||
60 | echo "Bob cannot resolve attributes..." | ||
61 | gnunet-arm -e -c test_reclaim.conf | ||
62 | exit 1 | ||
63 | fi | ||
64 | |||
65 | gnunet-arm -e -c test_reclaim.conf | ||
diff --git a/src/reclaim/test_w3c_ed25519_2020.c b/src/reclaim/test_w3c_ed25519_2020.c deleted file mode 100644 index e2534e6ab..000000000 --- a/src/reclaim/test_w3c_ed25519_2020.c +++ /dev/null | |||
@@ -1,69 +0,0 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet. | ||
3 | Copyright (C) 2012-2021 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software: you can redistribute it and/or modify it | ||
6 | under the terms of the GNU Affero General Public License as published | ||
7 | by the Free Software Foundation, either version 3 of the License, | ||
8 | or (at your option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | Affero General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU Affero General Public License | ||
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
17 | |||
18 | SPDX-License-Identifier: AGPL3.0-or-later | ||
19 | */ | ||
20 | |||
21 | |||
22 | /** | ||
23 | * @file src/did/test_w3c_ed25519_2020.c | ||
24 | * @brief Testcases for the w3c Ed25519 formats for SSIs https://w3c-ccg.github.io/lds-ed25519-2020 | ||
25 | * @author Martin Schanzenbach | ||
26 | */ | ||
27 | |||
28 | #include "platform.h" | ||
29 | #include "gnunet_crypto_lib.h" | ||
30 | #include "gnunet_strings_lib.h" | ||
31 | |||
32 | static char test_privkey[32] = { | ||
33 | 0x9b, 0x93, 0x7b, 0x81, 0x32, 0x2d, 0x81, 0x6c, | ||
34 | 0xfa, 0xb9, 0xd5, 0xa3, 0xba, 0xac, 0xc9, 0xb2, | ||
35 | 0xa5, 0xfe, 0xbe, 0x4b, 0x14, 0x9f, 0x12, 0x6b, | ||
36 | 0x36, 0x30, 0xf9, 0x3a, 0x29, 0x52, 0x70, 0x17 | ||
37 | }; | ||
38 | |||
39 | static char *targetPublicKeyMultibase = "u7QEJX5oaWV3edV2CeGhkrQPfpaT71ogyVmNk4rZeE8yeRA"; | ||
40 | |||
41 | int | ||
42 | main () | ||
43 | { | ||
44 | struct GNUNET_CRYPTO_EddsaPrivateKey privkey; | ||
45 | struct GNUNET_CRYPTO_EddsaPublicKey pubkey; | ||
46 | |||
47 | memcpy (&privkey, test_privkey, sizeof (privkey)); | ||
48 | GNUNET_CRYPTO_eddsa_key_get_public (&privkey, &pubkey); | ||
49 | |||
50 | //This is how to convert out pubkeys to W3c Ed25519-2020 multibase (base64url no padding) | ||
51 | char *b64; | ||
52 | char pkx[34]; | ||
53 | pkx[0] = 0xed; | ||
54 | pkx[1] = 0x01; | ||
55 | memcpy (pkx+2, &pubkey, sizeof (pubkey)); | ||
56 | GNUNET_STRINGS_base64url_encode (pkx, | ||
57 | sizeof (pkx), | ||
58 | &b64); | ||
59 | printf ("u%s\n%s\n", b64, targetPublicKeyMultibase); | ||
60 | // FIXME convert pubkey to target | ||
61 | char *res; | ||
62 | GNUNET_asprintf (&res, "u%s", b64); | ||
63 | GNUNET_assert (0 == strcmp (res, | ||
64 | targetPublicKeyMultibase)); | ||
65 | |||
66 | GNUNET_free (b64); | ||
67 | GNUNET_free (res); | ||
68 | return 0; | ||
69 | } | ||