author | Martin Schanzenbach <mschanzenbach@posteo.de> | 2015-11-18 15:23:23 +0000 |
---|---|---|
committer | Martin Schanzenbach <mschanzenbach@posteo.de> | 2015-11-18 15:23:23 +0000 |
commit | aba4cac0f08ecb17df34e375337090b00f457763 (patch) | |
tree | ee76474ef125ce22ea6e25eeeb05044b59cd8ef7 /src | |
parent | e6ecd40e2fc9bd1a98eadda346956e8f68bc83e2 (diff) | |
download | gnunet-aba4cac0f08ecb17df34e375337090b00f457763.tar.gz gnunet-aba4cac0f08ecb17df34e375337090b00f457763.zip |
- Add expiration and renewal parameters
- Stop logging debug output at error level
- Fix buggy error output
Diffstat (limited to 'src')
-rw-r--r-- | src/identity-token/plugin_rest_identity_token.c | 119 |
1 files changed, 106 insertions, 13 deletions
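--- a/src/identity-token/plugin_rest_identity_token.c
+++ b/src/identity-token/plugin_rest_identity_token.c
@@ -81,6 +81,16 @@
 #define GNUNET_IDENTITY_TOKEN_ATTR_LIST "requested_attrs"
 
 /**
+ * Token expiration string
+ */
+#define GNUNET_IDENTITY_TOKEN_EXP_STRING "expiration"
+
+/**
+ * Renew token w/ relative expirations
+ */
+#define GNUNET_IDENTITY_TOKEN_RENEW_TOKEN "renew_token"
+
+/**
  * Error messages
  */
 #define GNUNET_REST_ERROR_RESOURCE_INVALID "Resource location invalid"
@@ -328,7 +338,7 @@ do_error (void *cls,
 
 GNUNET_asprintf (&json_error,
 "{Error while processing request: %s}",
-&handle->emsg);
+handle->emsg);
 
 resp = GNUNET_REST_create_json_response (json_error);
 handle->proc (handle->proc_cls, resp, MHD_HTTP_BAD_REQUEST);
@@ -362,11 +372,12 @@ store_token_cont (void *cls,
 handle->ns_qe = NULL;
 if (GNUNET_SYSERR == success)
 {
+handle->emsg = GNUNET_strdup (emsg);
 GNUNET_SCHEDULER_add_now (&do_error, handle);
 return;
 }
 GNUNET_REST_jsonapi_data_serialize (handle->resp_object, &result_str);
-GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Result %s\n", result_str);
+GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Result %s\n", result_str);
 resp = GNUNET_REST_create_json_response (result_str);
 handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
 GNUNET_free (result_str);
@@ -394,7 +405,10 @@ sign_and_return_token (void *cls,
 char *sig_str;
 char *lbl_str;
 char *token;
+char *exp_str;
+char *renew_str;
 uint64_t time;
+uint64_t exp_time;
 uint64_t lbl;
 json_t *token_str;
 json_t *name_str;
@@ -404,16 +418,93 @@ sign_and_return_token (void *cls,
 struct JsonApiResource *json_resource;
 struct RequestHandle *handle = cls;
 struct GNUNET_GNSRECORD_Data token_record;
+struct GNUNET_HashCode key;
+struct GNUNET_TIME_Relative etime_rel;
+static struct GNUNET_TIME_Absolute etime_abs;
+int etime_is_rel = GNUNET_SYSERR;
+int renew_token = GNUNET_NO;
 
 time = GNUNET_TIME_absolute_get().abs_value_us;
 lbl = GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_STRONG, UINT64_MAX);
 GNUNET_STRINGS_base64_encode ((char*)&lbl, sizeof (uint64_t), &lbl_str);
 
-json_object_set_new (handle->payload, "lbl", json_string (lbl_str));
+GNUNET_CRYPTO_hash (GNUNET_IDENTITY_TOKEN_EXP_STRING,
+strlen (GNUNET_IDENTITY_TOKEN_EXP_STRING),
+&key);
+
+//Get expiration for token from URL parameter
+exp_str = NULL;
+if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (handle->conndata_handle->url_param_map,
+&key))
+{
+exp_str = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map,
+&key);
+}
+
+if (NULL == exp_str) {
+handle->emsg = GNUNET_strdup ("No expiration given!\n");
+GNUNET_SCHEDULER_add_now (&do_error, handle);
+return;
+}
+
+if (0 == strcmp (exp_str, "never"))
+{
+etime_abs = GNUNET_TIME_UNIT_FOREVER_ABS;
+etime_is_rel = GNUNET_NO;
+}
+else if (GNUNET_OK ==
+GNUNET_STRINGS_fancy_time_to_relative (exp_str,
+&etime_rel))
+{
+etime_is_rel = GNUNET_YES;
+}
+else if (GNUNET_OK ==
+GNUNET_STRINGS_fancy_time_to_absolute (exp_str,
+&etime_abs))
+{
+etime_is_rel = GNUNET_NO;
+}
+else {
+handle->emsg = GNUNET_strdup ("Expiration invalid!\n");
+GNUNET_SCHEDULER_add_now (&do_error, handle);
+return;
+}
+if (GNUNET_YES == etime_is_rel)
+{
+exp_time = time + etime_rel.rel_value_us;
+}
+else
+{
+exp_time = etime_abs.abs_value_us;
+}
+
+//Get renewal policy for token
+if (GNUNET_YES == etime_is_rel)
+{
+GNUNET_CRYPTO_hash (GNUNET_IDENTITY_TOKEN_RENEW_TOKEN,
+strlen (GNUNET_IDENTITY_TOKEN_RENEW_TOKEN),
+&key);
+
+
+if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (handle->conndata_handle->url_param_map,
+&key))
+{
+renew_str = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map,
+&key);
+if (0 == strcmp (renew_str, "true"))
+renew_token = GNUNET_YES;
+}
+}
+
+//json_object_set_new (handle->payload, "lbl", json_string (lbl_str));
 json_object_set_new (handle->payload, "sub", json_string (handle->ego_entry->identifier));
 json_object_set_new (handle->payload, "nbf", json_integer (time));
 json_object_set_new (handle->payload, "iat", json_integer (time));
-json_object_set_new (handle->payload, "exp", json_integer (time+GNUNET_GNUID_TOKEN_EXPIRATION_MICROSECONDS));
+json_object_set_new (handle->payload, "exp", json_integer (exp_time));
+if (GNUNET_YES == renew_token)
+{
+json_object_set_new (handle->payload, "rnl", json_string ("yes"));
+}
 
 header_str = json_dumps (handle->header, JSON_COMPACT);
 GNUNET_STRINGS_base64_encode (header_str,
@@ -477,9 +568,11 @@ sign_and_return_token (void *cls,
 GNUNET_REST_jsonapi_object_resource_add (handle->resp_object, json_resource);
 token_record.data = token;
 token_record.data_size = strlen (token);
-token_record.expiration_time = time+GNUNET_GNUID_TOKEN_EXPIRATION_MICROSECONDS;
+token_record.expiration_time = exp_time;
 token_record.record_type = GNUNET_GNSRECORD_TYPE_ID_TOKEN;
 token_record.flags = GNUNET_GNSRECORD_RF_NONE;
+if (GNUNET_YES == etime_is_rel)
+token_record.flags |= GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION;
 //Persist token
 handle->ns_qe = GNUNET_NAMESTORE_records_store (handle->ns_handle,
 priv_key,
@@ -512,7 +605,7 @@ attr_collect (void *cls,
 
 if (NULL == label)
 {
-GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Adding attribute END: \n");
+GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding attribute END: \n");
 handle->ns_it = NULL;
 GNUNET_SCHEDULER_add_now (&sign_and_return_token, handle);
 return;
@@ -533,7 +626,7 @@ attr_collect (void *cls,
 return;
 }
 
-GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Adding attribute: %s\n", label);
+GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding attribute: %s\n", label);
 
 if (1 == rd_count)
 {
@@ -542,7 +635,7 @@ attr_collect (void *cls,
 data = GNUNET_GNSRECORD_value_to_string (rd->record_type,
 rd->data,
 rd->data_size);
-GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Adding value: %s\n", data);
+GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding value: %s\n", data);
 json_object_set_new (handle->payload, label, json_string (data));
 GNUNET_free (data);
 }
@@ -559,7 +652,7 @@ attr_collect (void *cls,
 data = GNUNET_GNSRECORD_value_to_string (rd[i].record_type,
 rd[i].data,
 rd[i].data_size);
-GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Adding value: %s\n", data);
+GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding value: %s\n", data);
 json_array_append_new (attr_arr, json_string (data));
 GNUNET_free (data);
 }
@@ -697,7 +790,7 @@ return_token_list (void *cls,
 struct MHD_Response *resp;
 
 GNUNET_REST_jsonapi_data_serialize (handle->resp_object, &result_str);
-GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Result %s\n", result_str);
+GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Result %s\n", result_str);
 resp = GNUNET_REST_create_json_response (result_str);
 handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
 GNUNET_free (result_str);
@@ -736,13 +829,13 @@ token_collect (void *cls,
 if (NULL == handle->ego_head)
 {
 //Done
-GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Adding token END\n");
+GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding token END\n");
 handle->ns_it = NULL;
 GNUNET_SCHEDULER_add_now (&return_token_list, handle);
 return;
 }
 
-GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Next ego: %s\n", handle->ego_head->identifier);
+GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Next ego: %s\n", handle->ego_head->identifier);
 priv_key = GNUNET_IDENTITY_ego_get_private_key (handle->ego_head->ego);
 handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (handle->ns_handle,
 priv_key,
@@ -758,7 +851,7 @@ token_collect (void *cls,
 data = GNUNET_GNSRECORD_value_to_string (rd[i].record_type,
 rd[i].data,
 rd[i].data_size);
-GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Adding token: %s\n", data);
+GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding token: %s\n", data);
 json_resource = GNUNET_REST_jsonapi_resource_new (GNUNET_REST_JSONAPI_IDENTITY_TOKEN,
 label);
 issuer = json_string (handle->ego_head->identifier);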
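Review bot: In the sign_and_return_token hunk at @@ -477,9 +568,11 @@ the record is stored with `token_record.expiration_time = exp_time`, which in the relative case is the absolute timestamp `time + etime_rel.rel_value_us`, yet the same path then sets `GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION`; if that flag means the field holds a duration, as its name suggests, the namestore would read an absolute microsecond timestamp as a lifetime and the requested expiry would not be honoured, so I would write `token_record.expiration_time = (GNUNET_YES == etime_is_rel) ? etime_rel.rel_value_us : exp_time;` so the field agrees with the flag. In the @@ -404,16 +418,93 @@ hunk, `static struct GNUNET_TIME_Absolute etime_abs;` makes a per-request value persist across calls of this callback for no visible reason; dropping the `static` avoids surprising carry-over between requests. The two new error strings end in `\n`, which lands inside the JSON body do_error builds with `"{Error while processing request: %s}"`, so `"No expiration given!"` and `"Expiration invalid!"` without the newline would be cleaner. sign_and_return_token begins and ends outside these hunks.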