author | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2017-10-06 16:50:32 +0200 |
---|---|---|
committer | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2017-10-06 16:50:32 +0200 |
commit | cc838240da0d28fa1fc6d7a97da2808a7a622365 (patch) | |
tree | 49603d5a1e1db330863b3465ef052ca6f9b2b04e /src | |
parent | 7807374c7247af1d139ff70b4af047c227229a6e (diff) | |
download | gnunet-cc838240da0d28fa1fc6d7a97da2808a7a622365.tar.gz gnunet-cc838240da0d28fa1fc6d7a97da2808a7a622365.zip |
-remove deprecated
Diffstat (limited to 'src')
-rw-r--r-- | src/identity-provider/Makefile.am | 23 | ||||
-rw-r--r-- | src/identity-provider/gnunet-identity-token.c | 179 | ||||
-rw-r--r-- | src/identity-provider/gnunet-idp.c | 8 | ||||
-rw-r--r-- | src/identity-provider/gnunet-service-identity-provider.c | 1115 | ||||
-rw-r--r-- | src/identity-provider/identity_provider.h | 140 | ||||
-rw-r--r-- | src/identity-provider/identity_provider_api.c | 362 | ||||
-rw-r--r-- | src/identity-provider/identity_token.c | 1006 | ||||
-rw-r--r-- | src/identity-provider/identity_token.h | 351 | ||||
-rw-r--r-- | src/identity-provider/plugin_identity_provider_sqlite.c | 6 | ||||
-rw-r--r-- | src/identity-provider/plugin_rest_identity_provider.c | 1216 | ||||
-rw-r--r-- | src/include/gnunet_identity_provider_plugin.h | 6 | ||||
-rw-r--r-- | src/include/gnunet_identity_provider_service.h | 137 |
12 files changed, 47 insertions, 4502 deletions
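--- a/src/identity-provider/Makefile.am
+++ b/src/identity-provider/Makefile.am
@@ -26,12 +26,10 @@ pkgcfg_DATA = \
 lib_LTLIBRARIES = \
 libgnunetidentityprovider.la
 plugin_LTLIBRARIES = \
-libgnunet_plugin_rest_identity_provider.la \
 libgnunet_plugin_gnsrecord_identity_provider.la \
 $(SQLITE_PLUGIN)
 
 bin_PROGRAMS = \
-gnunet-identity-token \
 gnunet-idp
 
 libexec_PROGRAMS = \
@@ -60,7 +58,6 @@ libgnunet_plugin_identity_provider_sqlite_la_LDFLAGS = \
 
 gnunet_service_identity_provider_SOURCES = \
 gnunet-service-identity-provider.c \
-identity_token.c \
 identity_attribute.h
 gnunet_service_identity_provider_LDADD = \
 $(top_builddir)/src/gnsrecord/libgnunetgnsrecord.la \
@@ -85,19 +82,6 @@ libgnunetidentityprovider_la_LDFLAGS = \
 $(GN_LIB_LDFLAGS) $(WINFLAGS) \
 -version-info 0:0:0
 
-libgnunet_plugin_rest_identity_provider_la_SOURCES = \
-plugin_rest_identity_provider.c
-libgnunet_plugin_rest_identity_provider_la_LIBADD = \
-$(top_builddir)/src/identity/libgnunetidentity.la \
-libgnunetidentityprovider.la \
-$(top_builddir)/src/rest/libgnunetrest.la \
-$(top_builddir)/src/jsonapi/libgnunetjsonapi.la \
-$(top_builddir)/src/namestore/libgnunetnamestore.la \
-$(top_builddir)/src/util/libgnunetutil.la $(XLIBS) \
-$(LTLIBINTL) -ljansson -lmicrohttpd
-libgnunet_plugin_rest_identity_provider_la_LDFLAGS = \
-$(GN_PLUGIN_LDFLAGS)
-
 gnunet_idp_SOURCES = \
 gnunet-idp.c
 gnunet_idp_LDADD = \
@@ -106,10 +90,3 @@ gnunet_idp_LDADD = \
 $(top_builddir)/src/identity-provider/libgnunetidentityprovider.la \
 $(top_builddir)/src/identity/libgnunetidentity.la \
 $(GN_LIBINTL)
-
-gnunet_identity_token_SOURCES = \
-gnunet-identity-token.c
-gnunet_identity_token_LDADD = \
-$(top_builddir)/src/util/libgnunetutil.la \
--ljansson -lmicrohttpd \
-$(GN_LIBINTL)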
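--- a/src/identity-provider/gnunet-identity-token.c
+++ /dev/null
@@ -1,179 +0,0 @@
-/*
-This file is part of GNUnet.
-Copyright (C) 2012-2015 GNUnet e.V.
-
-GNUnet is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published
-by the Free Software Foundation; either version 3, or (at your
-option) any later version.
-
-GNUnet is distributed in the hope that it will be useful, but
-WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with GNUnet; see the file COPYING. If not, write to the
-Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-Boston, MA 02110-1301, USA.
-*/
-/**
-* @author Martin Schanzenbach
-* @file src/identity-provider/gnunet-service-identity-provider.c
-* @brief Identity Token Service
-*
-*/
-
-#include "platform.h"
-#include "gnunet_util_lib.h"
-#include <jansson.h>
-#include "gnunet_signatures.h"
-
-/**
-* The token
-*/
-static char* token;
-
-/**
-* Weather to print the token
-*/
-static int print_token;
-
-static void
-run (void *cls,
-char *const *args,
-const char *cfgfile,
-const struct GNUNET_CONFIGURATION_Handle *c)
-{
-char *payload;
-char *header;
-//Get token parts
-const char *header_b64;
-const char *payload_b64;
-const char *signature_b32;
-const char *keystring;
-char *data;
-json_t *payload_json;
-json_t *keystring_json;
-json_error_t error;
-struct GNUNET_CRYPTO_EcdsaPublicKey key;
-struct GNUNET_CRYPTO_EccSignaturePurpose *purpose;
-struct GNUNET_CRYPTO_EcdsaSignature sig;
-
-if (NULL == token)
-{
-GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
-_("Option `-t' is required\n"));
-return;
-}
-header_b64 = strtok (token, ".");
-payload_b64 = strtok (NULL, ".");
-signature_b32 = strtok (NULL, ".");
-if ( (NULL == header_b64) ||
-(NULL == payload_b64) ||
-(NULL == signature_b32) )
-{
-GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
-_("Token `%s' is malformed\n"),
-token);
-GNUNET_free (token);
-token = NULL;
-return;
-}
-
-//Decode payload
-GNUNET_STRINGS_base64_decode (payload_b64,
-strlen (payload_b64),
-&payload);
-//Decode header
-GNUNET_STRINGS_base64_decode (header_b64,
-strlen (header_b64),
-&header);
-
-
-GNUNET_asprintf(&data,
-"%s,%s",
-header_b64,
-payload_b64);
-char *val = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + strlen (data));
-purpose = (struct GNUNET_CRYPTO_EccSignaturePurpose*)val;
-purpose->size = htonl(sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + strlen (data));
-purpose->purpose = htonl(GNUNET_SIGNATURE_PURPOSE_GNUID_TOKEN);
-GNUNET_memcpy (&purpose[1], data, strlen(data));
-GNUNET_free (data);
-GNUNET_free (token);
-token = NULL;
-
-if (print_token)
-printf ("Token:\nHeader:\t\t%s\nPayload:\t%s\n",
-header,
-payload);
-GNUNET_free (header);
-
-payload_json = json_loads (payload, 0, &error);
-GNUNET_free (payload);
-
-if ((NULL == payload_json) || (! json_is_object (payload_json)) )
-{
-GNUNET_free (val);
-return;
-}
-keystring_json = json_object_get (payload_json, "iss");
-if (! json_is_string (keystring_json))
-{
-GNUNET_free (val);
-return;
-}
-keystring = json_string_value (keystring_json);
-if (GNUNET_OK !=
-GNUNET_CRYPTO_ecdsa_public_key_from_string (keystring,
-strlen (keystring),
-&key))
-{
-GNUNET_free (val);
-return;
-}
-GNUNET_STRINGS_string_to_data (signature_b32,
-strlen (signature_b32),
-&sig,
-sizeof (struct GNUNET_CRYPTO_EcdsaSignature));
-
-if (print_token)
-printf ("Signature:\t%s\n",
-keystring);
-
-if (GNUNET_OK !=
-GNUNET_CRYPTO_ecdsa_verify(GNUNET_SIGNATURE_PURPOSE_GNUID_TOKEN,
-purpose,
-&sig,
-&key))
-printf("Signature not OK!\n");
-else
-printf("Signature OK!\n");
-GNUNET_free (val);
-return;
-}
-
-
-int
-main(int argc, char *const argv[])
-{
-struct GNUNET_GETOPT_CommandLineOption options[] = {
-
-GNUNET_GETOPT_option_string ('t',
-"token",
-NULL,
-gettext_noop ("GNUid token"),
-&token),
-
-GNUNET_GETOPT_option_flag ('p',
-"print",
-gettext_noop ("Print token contents"),
-&print_token),
-
-GNUNET_GETOPT_OPTION_END
-};
-return GNUNET_PROGRAM_run (argc, argv, "ct",
-"ct", options,
-&run, NULL);
-}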
diff --git a/src/identity-provider/gnunet-idp.c b/src/identity-provider/gnunet-idp.c index fbe1d9613..bc30a1148 100644 --- a/src/identity-provider/gnunet-idp.c +++ b/src/identity-provider/gnunet-idp.c | |||
@@ -104,7 +104,7 @@ static struct GNUNET_CRYPTO_EcdsaPublicKey rp_key; | |||
104 | /** | 104 | /** |
105 | * Ticket to consume | 105 | * Ticket to consume |
106 | */ | 106 | */ |
107 | static struct GNUNET_IDENTITY_PROVIDER_Ticket2 ticket; | 107 | static struct GNUNET_IDENTITY_PROVIDER_Ticket ticket; |
108 | 108 | ||
109 | /** | 109 | /** |
110 | * Attribute list | 110 | * Attribute list |
@@ -128,12 +128,12 @@ do_cleanup(void *cls) | |||
128 | 128 | ||
129 | static void | 129 | static void |
130 | ticket_issue_cb (void* cls, | 130 | ticket_issue_cb (void* cls, |
131 | const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket) | 131 | const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket) |
132 | { | 132 | { |
133 | char* ticket_str; | 133 | char* ticket_str; |
134 | if (NULL != ticket) { | 134 | if (NULL != ticket) { |
135 | ticket_str = GNUNET_STRINGS_data_to_string_alloc (ticket, | 135 | ticket_str = GNUNET_STRINGS_data_to_string_alloc (ticket, |
136 | sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket2)); | 136 | sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket)); |
137 | printf("%s\n", | 137 | printf("%s\n", |
138 | ticket_str); | 138 | ticket_str); |
139 | GNUNET_free (ticket_str); | 139 | GNUNET_free (ticket_str); |
@@ -278,7 +278,7 @@ ego_cb (void *cls, | |||
278 | GNUNET_STRINGS_string_to_data (consume_ticket, | 278 | GNUNET_STRINGS_string_to_data (consume_ticket, |
279 | strlen (consume_ticket), | 279 | strlen (consume_ticket), |
280 | &ticket, | 280 | &ticket, |
281 | sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket2)); | 281 | sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket)); |
282 | 282 | ||
283 | attr_list = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeList); | 283 | attr_list = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeList); |
284 | 284 | ||
diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index 8960ea162..9c03cdbd7 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c | |||
@@ -36,7 +36,6 @@ | |||
36 | #include "gnunet_identity_provider_plugin.h" | 36 | #include "gnunet_identity_provider_plugin.h" |
37 | #include "gnunet_signatures.h" | 37 | #include "gnunet_signatures.h" |
38 | #include "identity_provider.h" | 38 | #include "identity_provider.h" |
39 | #include "identity_token.h" | ||
40 | #include "identity_attribute.h" | 39 | #include "identity_attribute.h" |
41 | #include <inttypes.h> | 40 | #include <inttypes.h> |
42 | 41 | ||
@@ -360,27 +359,8 @@ struct AttributeStoreHandle | |||
360 | }; | 359 | }; |
361 | 360 | ||
362 | 361 | ||
363 | 362 | /* Prototype */ | |
364 | struct VerifiedAttributeEntry | ||
365 | { | ||
366 | /** | ||
367 | * DLL | ||
368 | */ | ||
369 | struct VerifiedAttributeEntry *prev; | ||
370 | |||
371 | /** | ||
372 | * DLL | ||
373 | */ | ||
374 | struct VerifiedAttributeEntry *next; | ||
375 | |||
376 | /** | ||
377 | * Attribute Name | ||
378 | */ | ||
379 | char* name; | ||
380 | }; | ||
381 | |||
382 | struct ParallelLookup; | 363 | struct ParallelLookup; |
383 | struct ParallelLookup2; | ||
384 | 364 | ||
385 | struct ConsumeTicketHandle | 365 | struct ConsumeTicketHandle |
386 | { | 366 | { |
@@ -393,7 +373,7 @@ struct ConsumeTicketHandle | |||
393 | /** | 373 | /** |
394 | * Ticket | 374 | * Ticket |
395 | */ | 375 | */ |
396 | struct GNUNET_IDENTITY_PROVIDER_Ticket2 ticket; | 376 | struct GNUNET_IDENTITY_PROVIDER_Ticket ticket; |
397 | 377 | ||
398 | /** | 378 | /** |
399 | * LookupRequest | 379 | * LookupRequest |
@@ -413,12 +393,12 @@ struct ConsumeTicketHandle | |||
413 | /** | 393 | /** |
414 | * Lookup DLL | 394 | * Lookup DLL |
415 | */ | 395 | */ |
416 | struct ParallelLookup2 *parallel_lookups_head; | 396 | struct ParallelLookup *parallel_lookups_head; |
417 | 397 | ||
418 | /** | 398 | /** |
419 | * Lookup DLL | 399 | * Lookup DLL |
420 | */ | 400 | */ |
421 | struct ParallelLookup2 *parallel_lookups_tail; | 401 | struct ParallelLookup *parallel_lookups_tail; |
422 | 402 | ||
423 | /** | 403 | /** |
424 | * Kill task | 404 | * Kill task |
@@ -441,82 +421,30 @@ struct ConsumeTicketHandle | |||
441 | uint32_t r_id; | 421 | uint32_t r_id; |
442 | }; | 422 | }; |
443 | 423 | ||
444 | struct ParallelLookup2 | 424 | /** |
445 | { | 425 | * Handle for a parallel GNS lookup job |
446 | struct ParallelLookup2 *next; | 426 | */ |
447 | |||
448 | struct ParallelLookup2 *prev; | ||
449 | |||
450 | struct GNUNET_GNS_LookupRequest *lookup_request; | ||
451 | |||
452 | struct ConsumeTicketHandle *handle; | ||
453 | |||
454 | char *label; | ||
455 | }; | ||
456 | |||
457 | |||
458 | struct ExchangeHandle | ||
459 | { | ||
460 | |||
461 | /** | ||
462 | * Client connection | ||
463 | */ | ||
464 | struct IdpClient *client; | ||
465 | |||
466 | /** | ||
467 | * Ticket | ||
468 | */ | ||
469 | struct TokenTicket *ticket; | ||
470 | |||
471 | /** | ||
472 | * Token returned | ||
473 | */ | ||
474 | struct IdentityToken *token; | ||
475 | |||
476 | /** | ||
477 | * LookupRequest | ||
478 | */ | ||
479 | struct GNUNET_GNS_LookupRequest *lookup_request; | ||
480 | |||
481 | /** | ||
482 | * Audience Key | ||
483 | */ | ||
484 | struct GNUNET_CRYPTO_EcdsaPrivateKey aud_privkey; | ||
485 | |||
486 | /** | ||
487 | * ParallelLookups DLL | ||
488 | */ | ||
489 | struct ParallelLookup *parallel_lookups_head; | ||
490 | struct ParallelLookup *parallel_lookups_tail; | ||
491 | |||
492 | struct GNUNET_SCHEDULER_Task *kill_task; | ||
493 | struct GNUNET_CRYPTO_AbeKey *key; | ||
494 | |||
495 | /** | ||
496 | * Label to return | ||
497 | */ | ||
498 | char *label; | ||
499 | |||
500 | /** | ||
501 | * request id | ||
502 | */ | ||
503 | uint32_t r_id; | ||
504 | }; | ||
505 | |||
506 | struct ParallelLookup | 427 | struct ParallelLookup |
507 | { | 428 | { |
429 | /* DLL */ | ||
508 | struct ParallelLookup *next; | 430 | struct ParallelLookup *next; |
509 | 431 | ||
432 | /* DLL */ | ||
510 | struct ParallelLookup *prev; | 433 | struct ParallelLookup *prev; |
511 | 434 | ||
435 | /* The GNS request */ | ||
512 | struct GNUNET_GNS_LookupRequest *lookup_request; | 436 | struct GNUNET_GNS_LookupRequest *lookup_request; |
513 | 437 | ||
514 | struct ExchangeHandle *handle; | 438 | /* The handle the return to */ |
439 | struct ConsumeTicketHandle *handle; | ||
515 | 440 | ||
441 | /* The label to look up */ | ||
516 | char *label; | 442 | char *label; |
517 | }; | 443 | }; |
518 | 444 | ||
519 | 445 | /** | |
446 | * Ticket issue request handle | ||
447 | */ | ||
520 | struct TicketIssueHandle | 448 | struct TicketIssueHandle |
521 | { | 449 | { |
522 | 450 | ||
@@ -538,7 +466,7 @@ struct TicketIssueHandle | |||
538 | /** | 466 | /** |
539 | * Ticket to issue | 467 | * Ticket to issue |
540 | */ | 468 | */ |
541 | struct GNUNET_IDENTITY_PROVIDER_Ticket2 ticket; | 469 | struct GNUNET_IDENTITY_PROVIDER_Ticket ticket; |
542 | 470 | ||
543 | /** | 471 | /** |
544 | * QueueEntry | 472 | * QueueEntry |
@@ -553,103 +481,6 @@ struct TicketIssueHandle | |||
553 | 481 | ||
554 | 482 | ||
555 | /** | 483 | /** |
556 | * DEPRECATED | ||
557 | */ | ||
558 | struct IssueHandle | ||
559 | { | ||
560 | |||
561 | /** | ||
562 | * Client connection | ||
563 | */ | ||
564 | struct IdpClient *client; | ||
565 | |||
566 | /** | ||
567 | * Issuer Key | ||
568 | */ | ||
569 | struct GNUNET_CRYPTO_EcdsaPrivateKey iss_key; | ||
570 | |||
571 | /** | ||
572 | * Issue pubkey | ||
573 | */ | ||
574 | struct GNUNET_CRYPTO_EcdsaPublicKey iss_pkey; | ||
575 | |||
576 | /** | ||
577 | * Audience Key | ||
578 | */ | ||
579 | struct GNUNET_CRYPTO_EcdsaPublicKey aud_key; | ||
580 | |||
581 | /** | ||
582 | * The issuer egos ABE master key | ||
583 | */ | ||
584 | struct GNUNET_CRYPTO_AbeMasterKey *abe_key; | ||
585 | |||
586 | /** | ||
587 | * Expiration | ||
588 | */ | ||
589 | struct GNUNET_TIME_Absolute expiration; | ||
590 | |||
591 | /** | ||
592 | * Scopes | ||
593 | */ | ||
594 | char *scopes; | ||
595 | |||
596 | /** | ||
597 | * DLL | ||
598 | */ | ||
599 | struct VerifiedAttributeEntry *v_attr_head; | ||
600 | |||
601 | /** | ||
602 | * DLL | ||
603 | */ | ||
604 | struct VerifiedAttributeEntry *v_attr_tail; | ||
605 | |||
606 | /** | ||
607 | * nonce | ||
608 | */ | ||
609 | uint64_t nonce; | ||
610 | |||
611 | /** | ||
612 | * NS iterator | ||
613 | */ | ||
614 | struct GNUNET_NAMESTORE_ZoneIterator *ns_it; | ||
615 | |||
616 | /** | ||
617 | * Cred request | ||
618 | */ | ||
619 | struct GNUNET_CREDENTIAL_Request *credential_request; | ||
620 | |||
621 | /** | ||
622 | * Attribute map | ||
623 | */ | ||
624 | struct GNUNET_CONTAINER_MultiHashMap *attr_map; | ||
625 | |||
626 | /** | ||
627 | * Token | ||
628 | */ | ||
629 | struct IdentityToken *token; | ||
630 | |||
631 | /** | ||
632 | * Ticket | ||
633 | */ | ||
634 | struct TokenTicket *ticket; | ||
635 | |||
636 | /** | ||
637 | * QueueEntry | ||
638 | */ | ||
639 | struct GNUNET_NAMESTORE_QueueEntry *ns_qe; | ||
640 | |||
641 | /** | ||
642 | * The label the token is stored under | ||
643 | */ | ||
644 | char *label; | ||
645 | |||
646 | /** | ||
647 | * request id | ||
648 | */ | ||
649 | uint32_t r_id; | ||
650 | }; | ||
651 | |||
652 | /** | ||
653 | * DLL for ego handles to egos containing the ID_ATTRS in a map in json_t format | 484 | * DLL for ego handles to egos containing the ID_ATTRS in a map in json_t format |
654 | * | 485 | * |
655 | */ | 486 | */ |
@@ -846,119 +677,6 @@ bootstrap_abe (const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, | |||
846 | 677 | ||
847 | 678 | ||
848 | 679 | ||
849 | static struct GNUNET_MQ_Envelope* | ||
850 | create_exchange_result_message (const char* token, | ||
851 | const char* label, | ||
852 | uint64_t ticket_nonce, | ||
853 | uint64_t id) | ||
854 | { | ||
855 | struct GNUNET_MQ_Envelope *env; | ||
856 | struct ExchangeResultMessage *erm; | ||
857 | uint16_t token_len = strlen (token) + 1; | ||
858 | |||
859 | env = GNUNET_MQ_msg_extra (erm, | ||
860 | token_len, | ||
861 | GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_EXCHANGE_RESULT); | ||
862 | erm->ticket_nonce = htonl (ticket_nonce); | ||
863 | erm->id = id; | ||
864 | GNUNET_memcpy (&erm[1], token, token_len); | ||
865 | return env; | ||
866 | } | ||
867 | |||
868 | |||
869 | static struct GNUNET_MQ_Envelope* | ||
870 | create_issue_result_message (const char* label, | ||
871 | const char* ticket, | ||
872 | const char* token, | ||
873 | uint64_t id) | ||
874 | { | ||
875 | struct GNUNET_MQ_Envelope *env; | ||
876 | struct IssueResultMessage *irm; | ||
877 | char *tmp_str; | ||
878 | size_t len; | ||
879 | |||
880 | GNUNET_asprintf (&tmp_str, "%s,%s,%s", label, ticket, token); | ||
881 | len = strlen (tmp_str) + 1; | ||
882 | env = GNUNET_MQ_msg_extra (irm, | ||
883 | len, | ||
884 | GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ISSUE_RESULT); | ||
885 | irm->id = id; | ||
886 | GNUNET_memcpy (&irm[1], tmp_str, strlen (tmp_str) + 1); | ||
887 | GNUNET_free (tmp_str); | ||
888 | return env; | ||
889 | } | ||
890 | |||
891 | static void | ||
892 | cleanup_issue_handle (struct IssueHandle *handle) | ||
893 | { | ||
894 | if (NULL != handle->attr_map) | ||
895 | GNUNET_CONTAINER_multihashmap_destroy (handle->attr_map); | ||
896 | if (NULL != handle->scopes) | ||
897 | GNUNET_free (handle->scopes); | ||
898 | if (NULL != handle->token) | ||
899 | token_destroy (handle->token); | ||
900 | if (NULL != handle->ticket) | ||
901 | ticket_destroy (handle->ticket); | ||
902 | if (NULL != handle->label) | ||
903 | GNUNET_free (handle->label); | ||
904 | if (NULL != handle->ns_it) | ||
905 | GNUNET_NAMESTORE_zone_iteration_stop (handle->ns_it); | ||
906 | if (NULL != handle->credential_request) | ||
907 | GNUNET_CREDENTIAL_request_cancel (handle->credential_request); | ||
908 | GNUNET_free (handle); | ||
909 | } | ||
910 | |||
911 | static void | ||
912 | store_record_issue_cont (void *cls, | ||
913 | int32_t success, | ||
914 | const char *emsg) | ||
915 | { | ||
916 | struct IssueHandle *handle = cls; | ||
917 | struct GNUNET_MQ_Envelope *env; | ||
918 | char *ticket_str; | ||
919 | char *token_str; | ||
920 | |||
921 | handle->ns_qe = NULL; | ||
922 | if (GNUNET_SYSERR == success) | ||
923 | { | ||
924 | cleanup_issue_handle (handle); | ||
925 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "%s\n", | ||
926 | "Unknown Error\n"); | ||
927 | GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); | ||
928 | return; | ||
929 | } | ||
930 | if (GNUNET_OK != ticket_serialize (handle->ticket, | ||
931 | &handle->iss_key, | ||
932 | &ticket_str)) | ||
933 | { | ||
934 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "%s\n", | ||
935 | "Error serializing ticket\n"); | ||
936 | cleanup_issue_handle (handle); | ||
937 | GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); | ||
938 | return; | ||
939 | } | ||
940 | if (GNUNET_OK != token_to_string (handle->token, | ||
941 | &handle->iss_key, | ||
942 | &token_str)) | ||
943 | { | ||
944 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "%s\n", | ||
945 | "Error serializing token\n"); | ||
946 | GNUNET_free (ticket_str); | ||
947 | cleanup_issue_handle (handle); | ||
948 | GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); | ||
949 | return; | ||
950 | } | ||
951 | env = create_issue_result_message (handle->label, | ||
952 | ticket_str, | ||
953 | token_str, | ||
954 | handle->r_id); | ||
955 | GNUNET_MQ_send (handle->client->mq, | ||
956 | env); | ||
957 | cleanup_issue_handle (handle); | ||
958 | GNUNET_free (ticket_str); | ||
959 | GNUNET_free (token_str); | ||
960 | } | ||
961 | |||
962 | static int | 680 | static int |
963 | create_sym_key_from_ecdh(const struct GNUNET_HashCode *new_key_hash, | 681 | create_sym_key_from_ecdh(const struct GNUNET_HashCode *new_key_hash, |
964 | struct GNUNET_CRYPTO_SymmetricSessionKey *skey, | 682 | struct GNUNET_CRYPTO_SymmetricSessionKey *skey, |
@@ -982,775 +700,6 @@ create_sym_key_from_ecdh(const struct GNUNET_HashCode *new_key_hash, | |||
982 | return GNUNET_OK; | 700 | return GNUNET_OK; |
983 | } | 701 | } |
984 | 702 | ||
985 | int | ||
986 | serialize_abe_keyinfo (const struct IssueHandle *handle, | ||
987 | const struct GNUNET_CRYPTO_AbeKey *rp_key, | ||
988 | struct GNUNET_CRYPTO_EcdhePrivateKey **ecdh_privkey, | ||
989 | char **result) | ||
990 | { | ||
991 | char *enc_keyinfo; | ||
992 | char *serialized_key; | ||
993 | char *buf; | ||
994 | struct GNUNET_CRYPTO_EcdhePublicKey ecdh_pubkey; | ||
995 | ssize_t size; | ||
996 | |||
997 | struct GNUNET_CRYPTO_SymmetricSessionKey skey; | ||
998 | struct GNUNET_CRYPTO_SymmetricInitializationVector iv; | ||
999 | struct GNUNET_HashCode new_key_hash; | ||
1000 | ssize_t enc_size; | ||
1001 | |||
1002 | size = GNUNET_CRYPTO_cpabe_serialize_key (rp_key, | ||
1003 | (void**)&serialized_key); | ||
1004 | buf = GNUNET_malloc (strlen (handle->scopes) + 1 + size); | ||
1005 | GNUNET_memcpy (buf, | ||
1006 | handle->scopes, | ||
1007 | strlen (handle->scopes) + 1); | ||
1008 | GNUNET_memcpy (buf + strlen (handle->scopes) + 1, | ||
1009 | serialized_key, | ||
1010 | size); | ||
1011 | // ECDH keypair E = eG | ||
1012 | *ecdh_privkey = GNUNET_CRYPTO_ecdhe_key_create(); | ||
1013 | GNUNET_CRYPTO_ecdhe_key_get_public (*ecdh_privkey, | ||
1014 | &ecdh_pubkey); | ||
1015 | enc_keyinfo = GNUNET_malloc (size + strlen (handle->scopes) + 1); | ||
1016 | // Derived key K = H(eB) | ||
1017 | GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_ecdh_ecdsa (*ecdh_privkey, | ||
1018 | &handle->aud_key, | ||
1019 | &new_key_hash)); | ||
1020 | create_sym_key_from_ecdh(&new_key_hash, &skey, &iv); | ||
1021 | enc_size = GNUNET_CRYPTO_symmetric_encrypt (buf, | ||
1022 | size + strlen (handle->scopes) + 1, | ||
1023 | &skey, &iv, | ||
1024 | enc_keyinfo); | ||
1025 | *result = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)+ | ||
1026 | enc_size); | ||
1027 | GNUNET_memcpy (*result, | ||
1028 | &ecdh_pubkey, | ||
1029 | sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); | ||
1030 | GNUNET_memcpy (*result + sizeof (struct GNUNET_CRYPTO_EcdhePublicKey), | ||
1031 | enc_keyinfo, | ||
1032 | enc_size); | ||
1033 | GNUNET_free (enc_keyinfo); | ||
1034 | return sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)+enc_size; | ||
1035 | } | ||
1036 | |||
1037 | static void | ||
1038 | cleanup_exchange_handle (struct ExchangeHandle *handle) | ||
1039 | { | ||
1040 | if (NULL != handle->ticket) | ||
1041 | ticket_destroy (handle->ticket); | ||
1042 | if (NULL != handle->token) | ||
1043 | token_destroy (handle->token); | ||
1044 | GNUNET_free (handle); | ||
1045 | } | ||
1046 | |||
1047 | |||
1048 | /** | ||
1049 | * Build a token and store it | ||
1050 | * | ||
1051 | * @param cls the IssueHandle | ||
1052 | */ | ||
1053 | static void | ||
1054 | sign_and_return_token (void *cls) | ||
1055 | { | ||
1056 | struct ExchangeHandle *handle = cls; | ||
1057 | struct GNUNET_MQ_Envelope *env; | ||
1058 | char *token_str; | ||
1059 | uint64_t time; | ||
1060 | uint64_t exp_time; | ||
1061 | |||
1062 | time = GNUNET_TIME_absolute_get().abs_value_us; | ||
1063 | exp_time = time + token_expiration_interval.rel_value_us; | ||
1064 | |||
1065 | token_add_attr_int (handle->token, "nbf", time); | ||
1066 | token_add_attr_int (handle->token, "iat", time); | ||
1067 | token_add_attr_int (handle->token, "exp", exp_time); | ||
1068 | |||
1069 | //Readable | ||
1070 | GNUNET_assert (GNUNET_OK == token_to_string (handle->token, | ||
1071 | &handle->aud_privkey, | ||
1072 | &token_str)); | ||
1073 | |||
1074 | env = create_exchange_result_message (token_str, | ||
1075 | handle->label, | ||
1076 | handle->ticket->payload->nonce, | ||
1077 | handle->r_id); | ||
1078 | GNUNET_MQ_send (handle->client->mq, | ||
1079 | env); | ||
1080 | cleanup_exchange_handle (handle); | ||
1081 | GNUNET_free (token_str); | ||
1082 | |||
1083 | } | ||
1084 | |||
1085 | /** | ||
1086 | * Build an ABE key and store it | ||
1087 | * | ||
1088 | * @param cls the IssueHandle | ||
1089 | */ | ||
1090 | static void | ||
1091 | issue_ticket (void *cls) | ||
1092 | { | ||
1093 | struct GNUNET_CRYPTO_EcdsaPublicKey pub_key; | ||
1094 | struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey; | ||
1095 | struct IssueHandle *handle = cls; | ||
1096 | struct GNUNET_GNSRECORD_Data code_record[1]; | ||
1097 | struct GNUNET_CRYPTO_AbeKey *rp_key; | ||
1098 | char *nonce_str; | ||
1099 | char *code_record_data; | ||
1100 | char **attrs; | ||
1101 | char *scope; | ||
1102 | char *scopes_tmp; | ||
1103 | int attrs_len; | ||
1104 | int i; | ||
1105 | uint64_t time; | ||
1106 | uint64_t exp_time; | ||
1107 | size_t code_record_len; | ||
1108 | |||
1109 | //Remote nonce | ||
1110 | nonce_str = NULL; | ||
1111 | GNUNET_asprintf (&nonce_str, "%lu", handle->nonce); | ||
1112 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Request nonce: %s\n", nonce_str); | ||
1113 | |||
1114 | GNUNET_CRYPTO_ecdsa_key_get_public (&handle->iss_key, | ||
1115 | &pub_key); | ||
1116 | handle->ticket = ticket_create (handle->nonce, | ||
1117 | &pub_key, | ||
1118 | handle->label, | ||
1119 | &handle->aud_key); | ||
1120 | |||
1121 | time = GNUNET_TIME_absolute_get().abs_value_us; | ||
1122 | exp_time = time + token_expiration_interval.rel_value_us; | ||
1123 | |||
1124 | token_add_attr_int (handle->token, "nbf", time); | ||
1125 | token_add_attr_int (handle->token, "iat", time); | ||
1126 | token_add_attr_int (handle->token, "exp", exp_time); | ||
1127 | token_add_attr (handle->token, "nonce", nonce_str); | ||
1128 | |||
1129 | //Create new ABE key for RP | ||
1130 | attrs_len = (GNUNET_CONTAINER_multihashmap_size (handle->attr_map) + 1) * sizeof (char*); | ||
1131 | attrs = GNUNET_malloc (attrs_len); | ||
1132 | i = 0; | ||
1133 | scopes_tmp = GNUNET_strdup (handle->scopes); | ||
1134 | for (scope = strtok (scopes_tmp, ","); NULL != scope; scope = strtok (NULL, ",")) { | ||
1135 | attrs[i] = scope; | ||
1136 | i++; | ||
1137 | } | ||
1138 | rp_key = GNUNET_CRYPTO_cpabe_create_key (handle->abe_key, | ||
1139 | attrs); | ||
1140 | code_record_len = serialize_abe_keyinfo (handle, | ||
1141 | rp_key, | ||
1142 | &ecdhe_privkey, | ||
1143 | &code_record_data); | ||
1144 | code_record[0].data = code_record_data; | ||
1145 | code_record[0].data_size = code_record_len; | ||
1146 | code_record[0].expiration_time = exp_time; | ||
1147 | code_record[0].record_type = GNUNET_GNSRECORD_TYPE_ABE_KEY; | ||
1148 | code_record[0].flags = GNUNET_GNSRECORD_RF_NONE; | ||
1149 | |||
1150 | |||
1151 | //Publish record | ||
1152 | handle->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle, | ||
1153 | &handle->iss_key, | ||
1154 | handle->label, | ||
1155 | 1, | ||
1156 | code_record, | ||
1157 | &store_record_issue_cont, | ||
1158 | handle); | ||
1159 | GNUNET_free (ecdhe_privkey); | ||
1160 | GNUNET_free (nonce_str); | ||
1161 | GNUNET_free (code_record_data); | ||
1162 | } | ||
1163 | |||
1164 | /** | ||
1165 | * Credential to JSON | ||
1166 | * @param cred the credential | ||
1167 | * @return the resulting json, NULL if failed | ||
1168 | */ | ||
1169 | static json_t* | ||
1170 | credential_to_json (struct GNUNET_CREDENTIAL_Credential *cred) | ||
1171 | { | ||
1172 | char *issuer; | ||
1173 | char *subject; | ||
1174 | char *signature; | ||
1175 | char attribute[cred->issuer_attribute_len + 1]; | ||
1176 | json_t *cred_obj; | ||
1177 | |||
1178 | issuer = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred->issuer_key); | ||
1179 | if (NULL == issuer) | ||
1180 | { | ||
1181 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1182 | "Issuer in credential malformed\n"); | ||
1183 | return NULL; | ||
1184 | } | ||
1185 | subject = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred->subject_key); | ||
1186 | if (NULL == subject) | ||
1187 | { | ||
1188 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1189 | "Subject in credential malformed\n"); | ||
1190 | GNUNET_free (issuer); | ||
1191 | return NULL; | ||
1192 | } | ||
1193 | GNUNET_STRINGS_base64_encode ((char*)&cred->signature, | ||
1194 | sizeof (struct GNUNET_CRYPTO_EcdsaSignature), | ||
1195 | &signature); | ||
1196 | memcpy (attribute, | ||
1197 | cred->issuer_attribute, | ||
1198 | cred->issuer_attribute_len); | ||
1199 | attribute[cred->issuer_attribute_len] = '\0'; | ||
1200 | cred_obj = json_object (); | ||
1201 | json_object_set_new (cred_obj, "issuer", json_string (issuer)); | ||
1202 | json_object_set_new (cred_obj, "subject", json_string (subject)); | ||
1203 | json_object_set_new (cred_obj, "attribute", json_string (attribute)); | ||
1204 | json_object_set_new (cred_obj, "signature", json_string (signature)); | ||
1205 | json_object_set_new (cred_obj, "expiration", json_integer (cred->expiration.abs_value_us)); | ||
1206 | GNUNET_free (issuer); | ||
1207 | GNUNET_free (subject); | ||
1208 | GNUNET_free (signature); | ||
1209 | return cred_obj; | ||
1210 | } | ||
1211 | |||
1212 | |||
1213 | static void | ||
1214 | handle_vattr_collection (void* cls, | ||
1215 | unsigned int d_count, | ||
1216 | struct GNUNET_CREDENTIAL_Delegation *dc, | ||
1217 | unsigned int c_count, | ||
1218 | struct GNUNET_CREDENTIAL_Credential *cred) | ||
1219 | { | ||
1220 | struct IssueHandle *handle = cls; | ||
1221 | struct VerifiedAttributeEntry *vattr; | ||
1222 | json_t *cred_json; | ||
1223 | json_t *cred_array; | ||
1224 | int i; | ||
1225 | handle->credential_request = NULL; | ||
1226 | |||
1227 | if (NULL == cred) | ||
1228 | { | ||
1229 | GNUNET_SCHEDULER_add_now (&issue_ticket, handle); | ||
1230 | return; | ||
1231 | } | ||
1232 | cred_array = json_array(); | ||
1233 | for (i=0;i<c_count;i++) | ||
1234 | { | ||
1235 | cred_json = credential_to_json (cred); | ||
1236 | if (NULL == cred_json) | ||
1237 | continue; | ||
1238 | json_array_append (cred_array, cred_json); | ||
1239 | token_add_attr_json (handle->token, | ||
1240 | handle->v_attr_head->name, | ||
1241 | cred_array); | ||
1242 | } | ||
1243 | json_decref (cred_array); | ||
1244 | vattr = handle->v_attr_head; | ||
1245 | |||
1246 | GNUNET_CONTAINER_DLL_remove (handle->v_attr_head, | ||
1247 | handle->v_attr_tail, | ||
1248 | vattr); | ||
1249 | GNUNET_free (vattr->name); | ||
1250 | GNUNET_free (vattr); | ||
1251 | |||
1252 | if (NULL == handle->v_attr_head) | ||
1253 | { | ||
1254 | GNUNET_SCHEDULER_add_now (&issue_ticket, handle); | ||
1255 | return; | ||
1256 | } | ||
1257 | handle->credential_request = GNUNET_CREDENTIAL_collect (credential_handle, | ||
1258 | &handle->aud_key, | ||
1259 | handle->v_attr_head->name, | ||
1260 | &handle->iss_key, | ||
1261 | &handle_vattr_collection, | ||
1262 | handle); | ||
1263 | |||
1264 | } | ||
1265 | |||
1266 | |||
1267 | static void | ||
1268 | attr_collect_error (void *cls) | ||
1269 | { | ||
1270 | struct IssueHandle *handle = cls; | ||
1271 | |||
1272 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Adding attribute Error!\n"); | ||
1273 | handle->ns_it = NULL; | ||
1274 | GNUNET_SCHEDULER_add_now (&issue_ticket, handle); | ||
1275 | } | ||
1276 | |||
1277 | |||
1278 | static void | ||
1279 | attr_collect_finished (void *cls) | ||
1280 | { | ||
1281 | struct IssueHandle *handle = cls; | ||
1282 | |||
1283 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding attribute END: \n"); | ||
1284 | handle->ns_it = NULL; | ||
1285 | |||
1286 | if (NULL == handle->v_attr_head) | ||
1287 | { | ||
1288 | GNUNET_SCHEDULER_add_now (&issue_ticket, handle); | ||
1289 | return; | ||
1290 | } | ||
1291 | handle->credential_request = GNUNET_CREDENTIAL_collect (credential_handle, | ||
1292 | &handle->aud_key, | ||
1293 | handle->v_attr_head->name, | ||
1294 | &handle->iss_key, | ||
1295 | &handle_vattr_collection, | ||
1296 | handle); | ||
1297 | } | ||
1298 | |||
1299 | /** | ||
1300 | * Collect attributes for token | ||
1301 | */ | ||
1302 | static void | ||
1303 | attr_collect (void *cls, | ||
1304 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, | ||
1305 | const char *label, | ||
1306 | unsigned int rd_count, | ||
1307 | const struct GNUNET_GNSRECORD_Data *rd) | ||
1308 | { | ||
1309 | struct IssueHandle *handle = cls; | ||
1310 | int i; | ||
1311 | char* data; | ||
1312 | struct GNUNET_HashCode key; | ||
1313 | |||
1314 | GNUNET_CRYPTO_hash (label, | ||
1315 | strlen (label), | ||
1316 | &key); | ||
1317 | |||
1318 | if (0 == rd_count || | ||
1319 | ( (NULL != handle->attr_map) && | ||
1320 | (GNUNET_YES != GNUNET_CONTAINER_multihashmap_contains (handle->attr_map, | ||
1321 | &key)) | ||
1322 | ) | ||
1323 | ) | ||
1324 | { | ||
1325 | GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it); | ||
1326 | return; | ||
1327 | } | ||
1328 | |||
1329 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding attribute: %s\n", label); | ||
1330 | |||
1331 | if (1 == rd_count) | ||
1332 | { | ||
1333 | if (rd->record_type == GNUNET_GNSRECORD_TYPE_ID_ATTR) | ||
1334 | { | ||
1335 | data = GNUNET_GNSRECORD_value_to_string (rd->record_type, | ||
1336 | rd->data, | ||
1337 | rd->data_size); | ||
1338 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding value: %s\n", data); | ||
1339 | token_add_attr (handle->token, | ||
1340 | label, | ||
1341 | data); | ||
1342 | GNUNET_free (data); | ||
1343 | } | ||
1344 | GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it); | ||
1345 | return; | ||
1346 | } | ||
1347 | |||
1348 | i = 0; | ||
1349 | for (; i < rd_count; i++) | ||
1350 | { | ||
1351 | if (rd->record_type == GNUNET_GNSRECORD_TYPE_ID_ATTR) | ||
1352 | { | ||
1353 | data = GNUNET_GNSRECORD_value_to_string (rd[i].record_type, | ||
1354 | rd[i].data, | ||
1355 | rd[i].data_size); | ||
1356 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding value: %s\n", data); | ||
1357 | token_add_attr (handle->token, label, data); | ||
1358 | GNUNET_free (data); | ||
1359 | } | ||
1360 | } | ||
1361 | |||
1362 | GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it); | ||
1363 | } | ||
1364 | |||
1365 | static void | ||
1366 | process_parallel_lookup (void *cls, uint32_t rd_count, | ||
1367 | const struct GNUNET_GNSRECORD_Data *rd) | ||
1368 | { | ||
1369 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1370 | "Parallel lookup finished (count=%u)\n", rd_count); | ||
1371 | struct ParallelLookup *parallel_lookup = cls; | ||
1372 | struct ExchangeHandle *handle = parallel_lookup->handle; | ||
1373 | char *data; | ||
1374 | int i; | ||
1375 | |||
1376 | GNUNET_CONTAINER_DLL_remove (handle->parallel_lookups_head, | ||
1377 | handle->parallel_lookups_tail, | ||
1378 | parallel_lookup); | ||
1379 | GNUNET_free (parallel_lookup); | ||
1380 | if (1 == rd_count) | ||
1381 | { | ||
1382 | if (rd->record_type == GNUNET_GNSRECORD_TYPE_ID_ATTR) | ||
1383 | { | ||
1384 | GNUNET_CRYPTO_cpabe_decrypt (rd->data, | ||
1385 | rd->data_size, | ||
1386 | handle->key, | ||
1387 | (void**)&data); | ||
1388 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding value: %s\n", data); | ||
1389 | token_add_attr (handle->token, | ||
1390 | parallel_lookup->label, | ||
1391 | data); | ||
1392 | GNUNET_free (data); | ||
1393 | } | ||
1394 | } else { | ||
1395 | i = 0; | ||
1396 | for (; i < rd_count; i++) | ||
1397 | { | ||
1398 | if (rd[i].record_type == GNUNET_GNSRECORD_TYPE_ID_ATTR) | ||
1399 | { | ||
1400 | data = GNUNET_GNSRECORD_value_to_string (rd[i].record_type, | ||
1401 | rd[i].data, | ||
1402 | rd[i].data_size); | ||
1403 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding value: %s\n", data); | ||
1404 | token_add_attr (handle->token, parallel_lookup->label, data); | ||
1405 | GNUNET_free (data); | ||
1406 | } | ||
1407 | } | ||
1408 | } | ||
1409 | if (NULL != handle->parallel_lookups_head) | ||
1410 | return; //Wait for more | ||
1411 | //Else we are done | ||
1412 | GNUNET_SCHEDULER_cancel (handle->kill_task); | ||
1413 | GNUNET_SCHEDULER_add_now (&sign_and_return_token, handle); | ||
1414 | } | ||
1415 | |||
1416 | void | ||
1417 | abort_parallel_lookups (void *cls) | ||
1418 | { | ||
1419 | struct ExchangeHandle *handle = cls; | ||
1420 | struct ParallelLookup *lu; | ||
1421 | struct ParallelLookup *tmp; | ||
1422 | |||
1423 | for (lu = handle->parallel_lookups_head; | ||
1424 | NULL != lu;) { | ||
1425 | GNUNET_GNS_lookup_cancel (lu->lookup_request); | ||
1426 | GNUNET_free (lu->label); | ||
1427 | tmp = lu->next; | ||
1428 | GNUNET_CONTAINER_DLL_remove (handle->parallel_lookups_head, | ||
1429 | handle->parallel_lookups_tail, | ||
1430 | lu); | ||
1431 | GNUNET_free (lu); | ||
1432 | lu = tmp; | ||
1433 | } | ||
1434 | GNUNET_SCHEDULER_add_now (&sign_and_return_token, handle); | ||
1435 | |||
1436 | } | ||
1437 | |||
1438 | static void | ||
1439 | process_lookup_result (void *cls, uint32_t rd_count, | ||
1440 | const struct GNUNET_GNSRECORD_Data *rd) | ||
1441 | { | ||
1442 | struct ExchangeHandle *handle = cls; | ||
1443 | struct GNUNET_HashCode new_key_hash; | ||
1444 | struct GNUNET_CRYPTO_SymmetricSessionKey enc_key; | ||
1445 | struct GNUNET_CRYPTO_SymmetricInitializationVector enc_iv; | ||
1446 | struct GNUNET_CRYPTO_EcdhePublicKey *ecdh_key; | ||
1447 | struct ParallelLookup *parallel_lookup; | ||
1448 | size_t size; | ||
1449 | char *buf; | ||
1450 | char *scope; | ||
1451 | char *lookup_query; | ||
1452 | |||
1453 | handle->lookup_request = NULL; | ||
1454 | if (1 != rd_count) | ||
1455 | { | ||
1456 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1457 | "Number of keys %d != 1.", | ||
1458 | rd_count); | ||
1459 | cleanup_exchange_handle (handle); | ||
1460 | GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); | ||
1461 | return; | ||
1462 | } | ||
1463 | |||
1464 | //Decrypt | ||
1465 | ecdh_key = (struct GNUNET_CRYPTO_EcdhePublicKey *)rd->data; | ||
1466 | |||
1467 | buf = GNUNET_malloc (rd->data_size - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); | ||
1468 | |||
1469 | //Calculate symmetric key from ecdh parameters | ||
1470 | GNUNET_assert (GNUNET_OK == | ||
1471 | GNUNET_CRYPTO_ecdsa_ecdh (&handle->aud_privkey, | ||
1472 | ecdh_key, | ||
1473 | &new_key_hash)); | ||
1474 | create_sym_key_from_ecdh (&new_key_hash, | ||
1475 | &enc_key, | ||
1476 | &enc_iv); | ||
1477 | size = GNUNET_CRYPTO_symmetric_decrypt (rd->data + sizeof (struct GNUNET_CRYPTO_EcdhePublicKey), | ||
1478 | rd->data_size - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey), | ||
1479 | &enc_key, | ||
1480 | &enc_iv, | ||
1481 | buf); | ||
1482 | |||
1483 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1484 | "Decrypted bytes: %zd Expected bytes: %zd\n", | ||
1485 | size, rd->data_size - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); | ||
1486 | |||
1487 | scopes = GNUNET_strdup (buf); | ||
1488 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1489 | "Scopes %s\n", scopes); | ||
1490 | handle->key = GNUNET_CRYPTO_cpabe_deserialize_key ((void*)(buf + strlen (scopes) + 1), | ||
1491 | rd->data_size - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey) | ||
1492 | - strlen (scopes) - 1); | ||
1493 | |||
1494 | for (scope = strtok (scopes, ","); NULL != scope; scope = strtok (NULL, ",")) | ||
1495 | { | ||
1496 | GNUNET_asprintf (&lookup_query, | ||
1497 | "%s.gnu", | ||
1498 | scope); | ||
1499 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1500 | "Looking up %s\n", lookup_query); | ||
1501 | parallel_lookup = GNUNET_new (struct ParallelLookup); | ||
1502 | parallel_lookup->handle = handle; | ||
1503 | parallel_lookup->label = GNUNET_strdup (scope); | ||
1504 | parallel_lookup->lookup_request | ||
1505 | = GNUNET_GNS_lookup (gns_handle, | ||
1506 | lookup_query, | ||
1507 | &handle->ticket->payload->identity_key, | ||
1508 | GNUNET_GNSRECORD_TYPE_ID_ATTR, | ||
1509 | GNUNET_GNS_LO_LOCAL_MASTER, | ||
1510 | &process_parallel_lookup, | ||
1511 | parallel_lookup); | ||
1512 | GNUNET_CONTAINER_DLL_insert (handle->parallel_lookups_head, | ||
1513 | handle->parallel_lookups_tail, | ||
1514 | parallel_lookup); | ||
1515 | } | ||
1516 | handle->kill_task = GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_relative_multiply(GNUNET_TIME_UNIT_MINUTES,3), | ||
1517 | &abort_parallel_lookups, | ||
1518 | handle); | ||
1519 | } | ||
1520 | |||
1521 | /** | ||
1522 | * Checks a exchange message | ||
1523 | * | ||
1524 | * @param cls client sending the message | ||
1525 | * @param xm message of type `struct ExchangeMessage` | ||
1526 | * @return #GNUNET_OK if @a xm is well-formed | ||
1527 | */ | ||
1528 | static int | ||
1529 | check_exchange_message (void *cls, | ||
1530 | const struct ExchangeMessage *xm) | ||
1531 | { | ||
1532 | uint16_t size; | ||
1533 | |||
1534 | size = ntohs (xm->header.size); | ||
1535 | if (size <= sizeof (struct ExchangeMessage)) | ||
1536 | { | ||
1537 | GNUNET_break (0); | ||
1538 | return GNUNET_SYSERR; | ||
1539 | } | ||
1540 | return GNUNET_OK; | ||
1541 | } | ||
1542 | |||
1543 | /** | ||
1544 | * | ||
1545 | * Handler for exchange message | ||
1546 | * | ||
1547 | * @param cls unused | ||
1548 | * @param client who sent the message | ||
1549 | * @param message the message | ||
1550 | */ | ||
1551 | static void | ||
1552 | handle_exchange_message (void *cls, | ||
1553 | const struct ExchangeMessage *xm) | ||
1554 | { | ||
1555 | struct ExchangeHandle *xchange_handle; | ||
1556 | struct IdpClient *idp = cls; | ||
1557 | const char *ticket; | ||
1558 | char *lookup_query; | ||
1559 | |||
1560 | ticket = (const char *) &xm[1]; | ||
1561 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1562 | "Received EXCHANGE of `%s' from client\n", | ||
1563 | ticket); | ||
1564 | xchange_handle = GNUNET_malloc (sizeof (struct ExchangeHandle)); | ||
1565 | xchange_handle->aud_privkey = xm->aud_privkey; | ||
1566 | xchange_handle->r_id = xm->id; | ||
1567 | if (GNUNET_SYSERR == ticket_parse (ticket, | ||
1568 | &xchange_handle->aud_privkey, | ||
1569 | &xchange_handle->ticket)) | ||
1570 | { | ||
1571 | GNUNET_free (xchange_handle); | ||
1572 | GNUNET_SERVICE_client_drop (idp->client); | ||
1573 | return; | ||
1574 | } | ||
1575 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Looking for ABE key under %s\n", | ||
1576 | xchange_handle->ticket->payload->label); | ||
1577 | GNUNET_asprintf (&lookup_query, | ||
1578 | "%s.gnu", | ||
1579 | xchange_handle->ticket->payload->label); | ||
1580 | GNUNET_SERVICE_client_continue (idp->client); | ||
1581 | xchange_handle->client = idp; | ||
1582 | xchange_handle->token = token_create (&xchange_handle->ticket->payload->identity_key, | ||
1583 | &xchange_handle->ticket->payload->identity_key); | ||
1584 | xchange_handle->lookup_request | ||
1585 | = GNUNET_GNS_lookup (gns_handle, | ||
1586 | lookup_query, | ||
1587 | &xchange_handle->ticket->payload->identity_key, | ||
1588 | GNUNET_GNSRECORD_TYPE_ABE_KEY, | ||
1589 | GNUNET_GNS_LO_LOCAL_MASTER, | ||
1590 | &process_lookup_result, | ||
1591 | xchange_handle); | ||
1592 | GNUNET_free (lookup_query); | ||
1593 | |||
1594 | } | ||
1595 | |||
1596 | void | ||
1597 | attr_collect_task (void *cls) | ||
1598 | { | ||
1599 | struct IssueHandle *issue_handle = cls; | ||
1600 | |||
1601 | issue_handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle, | ||
1602 | &issue_handle->iss_key, | ||
1603 | &attr_collect_error, | ||
1604 | issue_handle, | ||
1605 | &attr_collect, | ||
1606 | issue_handle, | ||
1607 | &attr_collect_finished, | ||
1608 | issue_handle); | ||
1609 | } | ||
1610 | |||
1611 | void | ||
1612 | abe_key_lookup_error (void *cls) | ||
1613 | { | ||
1614 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1615 | "Error looking for ABE master!\n"); | ||
1616 | GNUNET_SCHEDULER_add_now (&do_shutdown, cls); | ||
1617 | } | ||
1618 | |||
1619 | void | ||
1620 | abe_key_lookup_result (void *cls, | ||
1621 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, | ||
1622 | const char *label, | ||
1623 | unsigned int rd_count, | ||
1624 | const struct GNUNET_GNSRECORD_Data *rd) | ||
1625 | { | ||
1626 | struct IssueHandle *handle = cls; | ||
1627 | int i; | ||
1628 | |||
1629 | for (i=0;i<rd_count;i++) { | ||
1630 | if (GNUNET_GNSRECORD_TYPE_ABE_MASTER != rd[i].record_type) | ||
1631 | continue; | ||
1632 | handle->abe_key = GNUNET_CRYPTO_cpabe_deserialize_master_key ((void**)rd[i].data, | ||
1633 | rd[i].data_size); | ||
1634 | GNUNET_SCHEDULER_add_now (&attr_collect_task, handle); | ||
1635 | return; | ||
1636 | } | ||
1637 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1638 | "No ABE master found!\n"); | ||
1639 | GNUNET_SCHEDULER_add_now (&do_shutdown, NULL); | ||
1640 | |||
1641 | } | ||
1642 | |||
1643 | |||
1644 | /** | ||
1645 | * Checks an issue message | ||
1646 | * | ||
1647 | * @param cls client sending the message | ||
1648 | * @param im message of type `struct IssueMessage` | ||
1649 | * @return #GNUNET_OK if @a im is well-formed | ||
1650 | */ | ||
1651 | static int | ||
1652 | check_issue_message(void *cls, | ||
1653 | const struct IssueMessage *im) | ||
1654 | { | ||
1655 | uint16_t size; | ||
1656 | |||
1657 | size = ntohs (im->header.size); | ||
1658 | if (size <= sizeof (struct IssueMessage)) | ||
1659 | { | ||
1660 | GNUNET_break (0); | ||
1661 | return GNUNET_SYSERR; | ||
1662 | } | ||
1663 | scopes = (char *) &im[1]; | ||
1664 | if ('\0' != scopes[size - sizeof (struct IssueMessage) - 1]) | ||
1665 | { | ||
1666 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1667 | "Malformed scopes received!\n"); | ||
1668 | GNUNET_break (0); | ||
1669 | return GNUNET_SYSERR; | ||
1670 | } | ||
1671 | return GNUNET_OK; | ||
1672 | } | ||
1673 | |||
1674 | |||
1675 | /** | ||
1676 | * | ||
1677 | * Handler for issue message | ||
1678 | * | ||
1679 | * @param cls unused | ||
1680 | * @param client who sent the message | ||
1681 | * @param message the message | ||
1682 | */ | ||
1683 | static void | ||
1684 | handle_issue_message (void *cls, | ||
1685 | const struct IssueMessage *im) | ||
1686 | { | ||
1687 | const char *scopes; | ||
1688 | char *scopes_tmp; | ||
1689 | char *scope; | ||
1690 | uint64_t rnd_key; | ||
1691 | struct GNUNET_HashCode key; | ||
1692 | struct IssueHandle *issue_handle; | ||
1693 | struct IdpClient *idp = cls; | ||
1694 | |||
1695 | scopes = (const char *) &im[1]; | ||
1696 | //v_attrs = (const char *) &im[1] + ntohl(im->scope_len); | ||
1697 | issue_handle = GNUNET_malloc (sizeof (struct IssueHandle)); | ||
1698 | issue_handle->attr_map = GNUNET_CONTAINER_multihashmap_create (5, | ||
1699 | GNUNET_NO); | ||
1700 | scopes_tmp = GNUNET_strdup (scopes); | ||
1701 | |||
1702 | for (scope = strtok (scopes_tmp, ","); NULL != scope; scope = strtok (NULL, ",")) | ||
1703 | { | ||
1704 | GNUNET_CRYPTO_hash (scope, | ||
1705 | strlen (scope), | ||
1706 | &key); | ||
1707 | GNUNET_CONTAINER_multihashmap_put (issue_handle->attr_map, | ||
1708 | &key, | ||
1709 | scope, | ||
1710 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE); | ||
1711 | } | ||
1712 | GNUNET_free (scopes_tmp); | ||
1713 | /*scopes_tmp = GNUNET_strdup (v_attrs); | ||
1714 | |||
1715 | for (scope = strtok (scopes_tmp, ","); NULL != scope; scope = strtok (NULL, ",")) | ||
1716 | { | ||
1717 | vattr_entry = GNUNET_new (struct VerifiedAttributeEntry); | ||
1718 | vattr_entry->name = GNUNET_strdup (scope); | ||
1719 | GNUNET_CONTAINER_DLL_insert (issue_handle->v_attr_head, | ||
1720 | issue_handle->v_attr_tail, | ||
1721 | vattr_entry); | ||
1722 | } | ||
1723 | GNUNET_free (scopes_tmp);*/ | ||
1724 | |||
1725 | |||
1726 | |||
1727 | issue_handle->r_id = im->id; | ||
1728 | issue_handle->aud_key = im->aud_key; | ||
1729 | issue_handle->iss_key = im->iss_key; | ||
1730 | GNUNET_CRYPTO_ecdsa_key_get_public (&im->iss_key, | ||
1731 | &issue_handle->iss_pkey); | ||
1732 | issue_handle->expiration = GNUNET_TIME_absolute_ntoh (im->expiration); | ||
1733 | issue_handle->nonce = ntohl (im->nonce); | ||
1734 | GNUNET_SERVICE_client_continue (idp->client); | ||
1735 | issue_handle->client = idp; | ||
1736 | issue_handle->scopes = GNUNET_strdup (scopes); | ||
1737 | issue_handle->token = token_create (&issue_handle->iss_pkey, | ||
1738 | &issue_handle->aud_key); | ||
1739 | rnd_key = | ||
1740 | GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_STRONG, | ||
1741 | UINT64_MAX); | ||
1742 | GNUNET_STRINGS_base64_encode ((char*)&rnd_key, | ||
1743 | sizeof (uint64_t), | ||
1744 | &issue_handle->label); | ||
1745 | issue_handle->ns_qe = GNUNET_NAMESTORE_records_lookup (ns_handle, | ||
1746 | &issue_handle->iss_key, | ||
1747 | "+", | ||
1748 | &abe_key_lookup_error, | ||
1749 | issue_handle, | ||
1750 | &abe_key_lookup_result, | ||
1751 | issue_handle); | ||
1752 | } | ||
1753 | |||
1754 | static void | 703 | static void |
1755 | cleanup_ticket_issue_handle (struct TicketIssueHandle *handle) | 704 | cleanup_ticket_issue_handle (struct TicketIssueHandle *handle) |
1756 | { | 705 | { |
@@ -1765,11 +714,11 @@ cleanup_ticket_issue_handle (struct TicketIssueHandle *handle) | |||
1765 | static void | 714 | static void |
1766 | send_ticket_result (struct IdpClient *client, | 715 | send_ticket_result (struct IdpClient *client, |
1767 | uint32_t r_id, | 716 | uint32_t r_id, |
1768 | const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket) | 717 | const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket) |
1769 | { | 718 | { |
1770 | struct TicketResultMessage *irm; | 719 | struct TicketResultMessage *irm; |
1771 | struct GNUNET_MQ_Envelope *env; | 720 | struct GNUNET_MQ_Envelope *env; |
1772 | struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket_buf; | 721 | struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket_buf; |
1773 | 722 | ||
1774 | /* store ticket in DB */ | 723 | /* store ticket in DB */ |
1775 | if (GNUNET_OK != TKT_database->store_ticket (TKT_database->cls, | 724 | if (GNUNET_OK != TKT_database->store_ticket (TKT_database->cls, |
@@ -1781,9 +730,9 @@ send_ticket_result (struct IdpClient *client, | |||
1781 | } | 730 | } |
1782 | 731 | ||
1783 | env = GNUNET_MQ_msg_extra (irm, | 732 | env = GNUNET_MQ_msg_extra (irm, |
1784 | sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket2), | 733 | sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket), |
1785 | GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT); | 734 | GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT); |
1786 | ticket_buf = (struct GNUNET_IDENTITY_PROVIDER_Ticket2 *)&irm[1]; | 735 | ticket_buf = (struct GNUNET_IDENTITY_PROVIDER_Ticket *)&irm[1]; |
1787 | *ticket_buf = *ticket; | 736 | *ticket_buf = *ticket; |
1788 | irm->id = htonl (r_id); | 737 | irm->id = htonl (r_id); |
1789 | GNUNET_MQ_send (client->mq, | 738 | GNUNET_MQ_send (client->mq, |
@@ -2043,7 +992,7 @@ process_parallel_lookup2 (void *cls, uint32_t rd_count, | |||
2043 | { | 992 | { |
2044 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 993 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
2045 | "Parallel lookup finished (count=%u)\n", rd_count); | 994 | "Parallel lookup finished (count=%u)\n", rd_count); |
2046 | struct ParallelLookup2 *parallel_lookup = cls; | 995 | struct ParallelLookup *parallel_lookup = cls; |
2047 | struct ConsumeTicketHandle *handle = parallel_lookup->handle; | 996 | struct ConsumeTicketHandle *handle = parallel_lookup->handle; |
2048 | struct ConsumeTicketResultMessage *crm; | 997 | struct ConsumeTicketResultMessage *crm; |
2049 | struct GNUNET_MQ_Envelope *env; | 998 | struct GNUNET_MQ_Envelope *env; |
@@ -2105,8 +1054,8 @@ void | |||
2105 | abort_parallel_lookups2 (void *cls) | 1054 | abort_parallel_lookups2 (void *cls) |
2106 | { | 1055 | { |
2107 | struct ConsumeTicketHandle *handle = cls; | 1056 | struct ConsumeTicketHandle *handle = cls; |
2108 | struct ParallelLookup2 *lu; | 1057 | struct ParallelLookup *lu; |
2109 | struct ParallelLookup2 *tmp; | 1058 | struct ParallelLookup *tmp; |
2110 | struct AttributeResultMessage *arm; | 1059 | struct AttributeResultMessage *arm; |
2111 | struct GNUNET_MQ_Envelope *env; | 1060 | struct GNUNET_MQ_Envelope *env; |
2112 | 1061 | ||
@@ -2147,7 +1096,7 @@ process_consume_abe_key (void *cls, uint32_t rd_count, | |||
2147 | struct GNUNET_CRYPTO_SymmetricSessionKey enc_key; | 1096 | struct GNUNET_CRYPTO_SymmetricSessionKey enc_key; |
2148 | struct GNUNET_CRYPTO_SymmetricInitializationVector enc_iv; | 1097 | struct GNUNET_CRYPTO_SymmetricInitializationVector enc_iv; |
2149 | struct GNUNET_CRYPTO_EcdhePublicKey *ecdh_key; | 1098 | struct GNUNET_CRYPTO_EcdhePublicKey *ecdh_key; |
2150 | struct ParallelLookup2 *parallel_lookup; | 1099 | struct ParallelLookup *parallel_lookup; |
2151 | size_t size; | 1100 | size_t size; |
2152 | char *buf; | 1101 | char *buf; |
2153 | char *scope; | 1102 | char *scope; |
@@ -2201,7 +1150,7 @@ process_consume_abe_key (void *cls, uint32_t rd_count, | |||
2201 | scope); | 1150 | scope); |
2202 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 1151 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
2203 | "Looking up %s\n", lookup_query); | 1152 | "Looking up %s\n", lookup_query); |
2204 | parallel_lookup = GNUNET_new (struct ParallelLookup2); | 1153 | parallel_lookup = GNUNET_new (struct ParallelLookup); |
2205 | parallel_lookup->handle = handle; | 1154 | parallel_lookup->handle = handle; |
2206 | parallel_lookup->label = GNUNET_strdup (scope); | 1155 | parallel_lookup->label = GNUNET_strdup (scope); |
2207 | parallel_lookup->lookup_request | 1156 | parallel_lookup->lookup_request |
@@ -2247,7 +1196,7 @@ handle_consume_ticket_message (void *cls, | |||
2247 | ch->attrs = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeList); | 1196 | ch->attrs = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeList); |
2248 | GNUNET_CRYPTO_ecdsa_key_get_public (&ch->identity, | 1197 | GNUNET_CRYPTO_ecdsa_key_get_public (&ch->identity, |
2249 | &ch->identity_pub); | 1198 | &ch->identity_pub); |
2250 | ch->ticket = *((struct GNUNET_IDENTITY_PROVIDER_Ticket2*)&cm[1]); | 1199 | ch->ticket = *((struct GNUNET_IDENTITY_PROVIDER_Ticket*)&cm[1]); |
2251 | rnd_label = GNUNET_STRINGS_data_to_string_alloc (&ch->ticket.rnd, | 1200 | rnd_label = GNUNET_STRINGS_data_to_string_alloc (&ch->ticket.rnd, |
2252 | sizeof (uint64_t)); | 1201 | sizeof (uint64_t)); |
2253 | GNUNET_asprintf (&lookup_query, | 1202 | GNUNET_asprintf (&lookup_query, |
@@ -2660,7 +1609,7 @@ struct TicketIterationProcResult | |||
2660 | */ | 1609 | */ |
2661 | static void | 1610 | static void |
2662 | ticket_iterate_proc (void *cls, | 1611 | ticket_iterate_proc (void *cls, |
2663 | const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket) | 1612 | const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket) |
2664 | { | 1613 | { |
2665 | struct TicketIterationProcResult *proc = cls; | 1614 | struct TicketIterationProcResult *proc = cls; |
2666 | 1615 | ||
@@ -2973,14 +1922,6 @@ GNUNET_SERVICE_MAIN | |||
2973 | &client_connect_cb, | 1922 | &client_connect_cb, |
2974 | &client_disconnect_cb, | 1923 | &client_disconnect_cb, |
2975 | NULL, | 1924 | NULL, |
2976 | GNUNET_MQ_hd_var_size (issue_message, | ||
2977 | GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ISSUE, | ||
2978 | struct IssueMessage, | ||
2979 | NULL), | ||
2980 | GNUNET_MQ_hd_var_size (exchange_message, | ||
2981 | GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_EXCHANGE, | ||
2982 | struct ExchangeMessage, | ||
2983 | NULL), | ||
2984 | GNUNET_MQ_hd_var_size (attribute_store_message, | 1925 | GNUNET_MQ_hd_var_size (attribute_store_message, |
2985 | GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE, | 1926 | GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE, |
2986 | struct AttributeStoreMessage, | 1927 | struct AttributeStoreMessage, |
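--- a/src/identity-provider/identity_provider.h
+++ b/src/identity-provider/identity_provider.h
@@ -34,146 +34,6 @@
 GNUNET_NETWORK_STRUCT_BEGIN
 
 /**
-* The token
-*/
-struct GNUNET_IDENTITY_PROVIDER_Token
-{
-/**
-* The JWT representation of the identity token
-*/
-char *data;
-};
-
-/**
-* The ticket DEPRECATED
-*/
-struct GNUNET_IDENTITY_PROVIDER_Ticket
-{
-/**
-* The Base64 representation of the ticket
-*/
-char *data;
-};
-
-/**
-* Answer from service to client after issue operation
-*/
-struct IssueResultMessage
-{
-/**
-* Type: #GNUNET_MESSAGE_TYPE_IDENTITY_RESULT_CODE
-*/
-struct GNUNET_MessageHeader header;
-
-/**
-* Unique identifier for this request (for key collisions).
-*/
-uint32_t id GNUNET_PACKED;
-
-/* followed by 0-terminated label,ticket,token */
-
-};
-
-
-/**
-* Ticket exchange message.
-*/
-struct ExchangeResultMessage
-{
-/**
-* Type: #GNUNET_MESSAGE_TYPE_IDENTITY_UPDATE
-*/
-struct GNUNET_MessageHeader header;
-
-/**
-* Unique identifier for this request (for key collisions).
-*/
-uint32_t id GNUNET_PACKED;
-
-/**
-* Nonce found in ticket. NBO
-* 0 on error.
-*/
-uint64_t ticket_nonce GNUNET_PACKED;
-
-/* followed by 0-terminated token */
-
-};
-
-
-
-/**
-* Client requests IdP to issue token.
-*/
-struct IssueMessage
-{
-/**
-* Type: #GNUNET_MESSAGE_TYPE_IDENTITY_GET_DEFAULT
-*/
-struct GNUNET_MessageHeader header;
-
-/**
-* Unique identifier for this request (for key collisions).
-*/
-uint32_t id GNUNET_PACKED;
-
-
-/**
-* Issuer identity private key
-*/
-struct GNUNET_CRYPTO_EcdsaPrivateKey iss_key;
-
-/**
-* Audience public key
-*/
-struct GNUNET_CRYPTO_EcdsaPublicKey aud_key;
-
-/**
-* Nonce
-*/
-uint64_t nonce;
-
-/**
-* Length of scopes
-*/
-uint64_t scope_len;
-
-/**
-* Expiration of token in NBO.
-*/
-struct GNUNET_TIME_AbsoluteNBO expiration;
-
-
-/* followed by 0-terminated comma-separated scope list */
-
-};
-
-
-/**
-* Use to exchange a ticket for a token
-*/
-struct ExchangeMessage
-{
-/**
-* Type: #GNUNET_MESSAGE_TYPE_IDENTITY_SET_DEFAULT
-*/
-struct GNUNET_MessageHeader header;
-
-/**
-* Unique identifier for this request (for key collisions).
-*/
-uint32_t id GNUNET_PACKED;
-
-/**
-* Audience identity private key
-*/
-struct GNUNET_CRYPTO_EcdsaPrivateKey aud_privkey;
-
-/* followed by 0-terminated ticket string */
-
-};
-
-/**
 * Use to store an identity attribute
 */
 struct AttributeStoreMessage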
diff --git a/src/identity-provider/identity_provider_api.c b/src/identity-provider/identity_provider_api.c index 6ef1d470e..d623eaf3b 100644 --- a/src/identity-provider/identity_provider_api.c +++ b/src/identity-provider/identity_provider_api.c | |||
@@ -64,18 +64,6 @@ struct GNUNET_IDENTITY_PROVIDER_Operation | |||
64 | const struct GNUNET_MessageHeader *msg; | 64 | const struct GNUNET_MessageHeader *msg; |
65 | 65 | ||
66 | /** | 66 | /** |
67 | * Continuation to invoke with the result of the transmission; @e cb | ||
68 | * will be NULL in this case. | ||
69 | */ | ||
70 | GNUNET_IDENTITY_PROVIDER_ExchangeCallback ex_cb; | ||
71 | |||
72 | /** | ||
73 | * Continuation to invoke with the result of the transmission for | ||
74 | * 'issue' operations (@e cont will be NULL in this case). | ||
75 | */ | ||
76 | GNUNET_IDENTITY_PROVIDER_IssueCallback iss_cb; | ||
77 | |||
78 | /** | ||
79 | * Continuation to invoke after attribute store call | 67 | * Continuation to invoke after attribute store call |
80 | */ | 68 | */ |
81 | GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus as_cb; | 69 | GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus as_cb; |
@@ -404,151 +392,6 @@ mq_error_handler (void *cls, | |||
404 | } | 392 | } |
405 | 393 | ||
406 | /** | 394 | /** |
407 | * Check validity of message received from the service | ||
408 | * | ||
409 | * @param cls the `struct GNUNET_IDENTITY_PROVIDER_Handle *` | ||
410 | * @param result_msg the incoming message | ||
411 | */ | ||
412 | static int | ||
413 | check_exchange_result (void *cls, | ||
414 | const struct ExchangeResultMessage *erm) | ||
415 | { | ||
416 | char *str; | ||
417 | size_t size = ntohs (erm->header.size); | ||
418 | |||
419 | |||
420 | str = (char *) &erm[0]; | ||
421 | if ( (size > sizeof (struct ExchangeResultMessage)) && | ||
422 | ('\0' != str[size - 1]) ) | ||
423 | { | ||
424 | GNUNET_break (0); | ||
425 | return GNUNET_SYSERR; | ||
426 | } | ||
427 | return GNUNET_OK; | ||
428 | } | ||
429 | |||
430 | |||
431 | /** | ||
432 | * Check validity of message received from the service | ||
433 | * | ||
434 | * @param cls the `struct GNUNET_IDENTITY_PROVIDER_Handle *` | ||
435 | * @param result_msg the incoming message | ||
436 | */ | ||
437 | static int | ||
438 | check_result (void *cls, | ||
439 | const struct IssueResultMessage *irm) | ||
440 | { | ||
441 | char *str; | ||
442 | size_t size = ntohs (irm->header.size); | ||
443 | str = (char*) &irm[0]; | ||
444 | if ( (size > sizeof (struct IssueResultMessage)) && | ||
445 | ('\0' != str[size - 1]) ) | ||
446 | { | ||
447 | GNUNET_break (0); | ||
448 | return GNUNET_SYSERR; | ||
449 | } | ||
450 | return GNUNET_OK; | ||
451 | } | ||
452 | |||
453 | /** | ||
454 | * Handler for messages received from the GNS service | ||
455 | * | ||
456 | * @param cls the `struct GNUNET_GNS_Handle *` | ||
457 | * @param loookup_msg the incoming message | ||
458 | */ | ||
459 | static void | ||
460 | handle_exchange_result (void *cls, | ||
461 | const struct ExchangeResultMessage *erm) | ||
462 | { | ||
463 | struct GNUNET_IDENTITY_PROVIDER_Handle *handle = cls; | ||
464 | struct GNUNET_IDENTITY_PROVIDER_Operation *op; | ||
465 | struct GNUNET_IDENTITY_PROVIDER_Token token; | ||
466 | uint64_t ticket_nonce; | ||
467 | uint32_t r_id = ntohl (erm->id); | ||
468 | char *str; | ||
469 | |||
470 | for (op = handle->op_head; NULL != op; op = op->next) | ||
471 | if (op->r_id == r_id) | ||
472 | break; | ||
473 | if (NULL == op) | ||
474 | return; | ||
475 | str = GNUNET_strdup ((char*)&erm[1]); | ||
476 | op = handle->op_head; | ||
477 | GNUNET_CONTAINER_DLL_remove (handle->op_head, | ||
478 | handle->op_tail, | ||
479 | op); | ||
480 | token.data = str; | ||
481 | ticket_nonce = ntohl (erm->ticket_nonce); | ||
482 | if (NULL != op->ex_cb) | ||
483 | op->ex_cb (op->cls, &token, ticket_nonce); | ||
484 | GNUNET_free (str); | ||
485 | GNUNET_free (op); | ||
486 | |||
487 | } | ||
488 | |||
489 | /** | ||
490 | * Handler for messages received from the GNS service | ||
491 | * | ||
492 | * @param cls the `struct GNUNET_GNS_Handle *` | ||
493 | * @param loookup_msg the incoming message | ||
494 | */ | ||
495 | static void | ||
496 | handle_result (void *cls, | ||
497 | const struct IssueResultMessage *irm) | ||
498 | { | ||
499 | struct GNUNET_IDENTITY_PROVIDER_Handle *handle = cls; | ||
500 | struct GNUNET_IDENTITY_PROVIDER_Operation *op; | ||
501 | struct GNUNET_IDENTITY_PROVIDER_Token token; | ||
502 | struct GNUNET_IDENTITY_PROVIDER_Ticket ticket; | ||
503 | uint32_t r_id = ntohl (irm->id); | ||
504 | char *str; | ||
505 | char *label_str; | ||
506 | char *ticket_str; | ||
507 | char *token_str; | ||
508 | |||
509 | for (op = handle->op_head; NULL != op; op = op->next) | ||
510 | if (op->r_id == r_id) | ||
511 | break; | ||
512 | if (NULL == op) | ||
513 | return; | ||
514 | str = GNUNET_strdup ((char*)&irm[1]); | ||
515 | label_str = strtok (str, ","); | ||
516 | |||
517 | if (NULL == label_str) | ||
518 | { | ||
519 | GNUNET_free (str); | ||
520 | GNUNET_break (0); | ||
521 | return; | ||
522 | } | ||
523 | ticket_str = strtok (NULL, ","); | ||
524 | if (NULL == ticket_str) | ||
525 | { | ||
526 | GNUNET_free (str); | ||
527 | GNUNET_break (0); | ||
528 | return; | ||
529 | } | ||
530 | token_str = strtok (NULL, ","); | ||
531 | if (NULL == token_str) | ||
532 | { | ||
533 | GNUNET_free (str); | ||
534 | GNUNET_break (0); | ||
535 | return; | ||
536 | } | ||
537 | GNUNET_CONTAINER_DLL_remove (handle->op_head, | ||
538 | handle->op_tail, | ||
539 | op); | ||
540 | ticket.data = ticket_str; | ||
541 | token.data = token_str; | ||
542 | if (NULL != op->iss_cb) | ||
543 | op->iss_cb (op->cls, label_str, &ticket, &token); | ||
544 | GNUNET_free (str); | ||
545 | GNUNET_free (op); | ||
546 | |||
547 | } | ||
548 | |||
549 | |||
550 | |||
551 | /** | ||
552 | * Handle an incoming message of type | 395 | * Handle an incoming message of type |
553 | * #GNUNET_MESSAGE_TYPE_NAMESTORE_RECORD_STORE_RESPONSE | 396 | * #GNUNET_MESSAGE_TYPE_NAMESTORE_RECORD_STORE_RESPONSE |
554 | * | 397 | * |
@@ -824,7 +667,7 @@ handle_ticket_result (void *cls, | |||
824 | struct GNUNET_IDENTITY_PROVIDER_Handle *handle = cls; | 667 | struct GNUNET_IDENTITY_PROVIDER_Handle *handle = cls; |
825 | struct GNUNET_IDENTITY_PROVIDER_Operation *op; | 668 | struct GNUNET_IDENTITY_PROVIDER_Operation *op; |
826 | struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it; | 669 | struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it; |
827 | const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket; | 670 | const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket; |
828 | uint32_t r_id = ntohl (msg->id); | 671 | uint32_t r_id = ntohl (msg->id); |
829 | size_t msg_len; | 672 | size_t msg_len; |
830 | 673 | ||
@@ -847,7 +690,7 @@ handle_ticket_result (void *cls, | |||
847 | if (NULL != op->tr_cb) | 690 | if (NULL != op->tr_cb) |
848 | op->tr_cb (op->cls, NULL); | 691 | op->tr_cb (op->cls, NULL); |
849 | } else { | 692 | } else { |
850 | ticket = (struct GNUNET_IDENTITY_PROVIDER_Ticket2 *)&msg[1]; | 693 | ticket = (struct GNUNET_IDENTITY_PROVIDER_Ticket *)&msg[1]; |
851 | if (NULL != op->tr_cb) | 694 | if (NULL != op->tr_cb) |
852 | op->tr_cb (op->cls, ticket); | 695 | op->tr_cb (op->cls, ticket); |
853 | } | 696 | } |
@@ -863,7 +706,7 @@ handle_ticket_result (void *cls, | |||
863 | it->finish_cb (it->finish_cb_cls); | 706 | it->finish_cb (it->finish_cb_cls); |
864 | } else { | 707 | } else { |
865 | 708 | ||
866 | ticket = (struct GNUNET_IDENTITY_PROVIDER_Ticket2 *)&msg[1]; | 709 | ticket = (struct GNUNET_IDENTITY_PROVIDER_Ticket *)&msg[1]; |
867 | if (NULL != it->tr_cb) | 710 | if (NULL != it->tr_cb) |
868 | it->tr_cb (it->cls, ticket); | 711 | it->tr_cb (it->cls, ticket); |
869 | } | 712 | } |
@@ -888,14 +731,6 @@ reconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h) | |||
888 | GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE_RESPONSE, | 731 | GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE_RESPONSE, |
889 | struct AttributeStoreResponseMessage, | 732 | struct AttributeStoreResponseMessage, |
890 | h), | 733 | h), |
891 | GNUNET_MQ_hd_var_size (result, | ||
892 | GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ISSUE_RESULT, | ||
893 | struct IssueResultMessage, | ||
894 | h), | ||
895 | GNUNET_MQ_hd_var_size (exchange_result, | ||
896 | GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_EXCHANGE_RESULT, | ||
897 | struct ExchangeResultMessage, | ||
898 | h), | ||
899 | GNUNET_MQ_hd_var_size (attribute_result, | 734 | GNUNET_MQ_hd_var_size (attribute_result, |
900 | GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT, | 735 | GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT, |
901 | struct AttributeResultMessage, | 736 | struct AttributeResultMessage, |
@@ -953,117 +788,6 @@ GNUNET_IDENTITY_PROVIDER_connect (const struct GNUNET_CONFIGURATION_Handle *cfg) | |||
953 | 788 | ||
954 | 789 | ||
955 | /** | 790 | /** |
956 | * Issue an identity token | ||
957 | * | ||
958 | * @param id identity service to query | ||
959 | * @param service_name for which service is an identity wanted | ||
960 | * @param cb function to call with the result (will only be called once) | ||
961 | * @param cb_cls closure for @a cb | ||
962 | * @return handle to abort the operation | ||
963 | */ | ||
964 | struct GNUNET_IDENTITY_PROVIDER_Operation * | ||
965 | GNUNET_IDENTITY_PROVIDER_issue_token (struct GNUNET_IDENTITY_PROVIDER_Handle *id, | ||
966 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *iss_key, | ||
967 | const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, | ||
968 | const char* scopes, | ||
969 | const char* vattr, | ||
970 | struct GNUNET_TIME_Absolute expiration, | ||
971 | uint64_t nonce, | ||
972 | GNUNET_IDENTITY_PROVIDER_IssueCallback cb, | ||
973 | void *cb_cls) | ||
974 | { | ||
975 | struct GNUNET_IDENTITY_PROVIDER_Operation *op; | ||
976 | struct IssueMessage *im; | ||
977 | size_t slen; | ||
978 | |||
979 | slen = strlen (scopes) + 1; | ||
980 | if (NULL != vattr) | ||
981 | slen += strlen (vattr) + 1; | ||
982 | if (slen >= GNUNET_MAX_MESSAGE_SIZE - sizeof (struct IssueMessage)) | ||
983 | { | ||
984 | GNUNET_break (0); | ||
985 | return NULL; | ||
986 | } | ||
987 | op = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_Operation); | ||
988 | op->h = id; | ||
989 | op->iss_cb = cb; | ||
990 | op->cls = cb_cls; | ||
991 | op->r_id = id->r_id_gen++; | ||
992 | op->env = GNUNET_MQ_msg_extra (im, | ||
993 | slen, | ||
994 | GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ISSUE); | ||
995 | im->id = op->r_id; | ||
996 | im->iss_key = *iss_key; | ||
997 | im->aud_key = *aud_key; | ||
998 | im->scope_len = htonl (strlen(scopes)+1); | ||
999 | im->nonce = htonl (nonce); | ||
1000 | im->expiration = GNUNET_TIME_absolute_hton (expiration); | ||
1001 | GNUNET_memcpy (&im[1], scopes, strlen(scopes)); | ||
1002 | if (NULL != vattr) | ||
1003 | GNUNET_memcpy ((char*)&im[1]+strlen(scopes)+1, vattr, strlen(vattr)); | ||
1004 | GNUNET_CONTAINER_DLL_insert_tail (id->op_head, | ||
1005 | id->op_tail, | ||
1006 | op); | ||
1007 | if (NULL != id->mq) | ||
1008 | GNUNET_MQ_send_copy (id->mq, | ||
1009 | op->env); | ||
1010 | return op; | ||
1011 | } | ||
1012 | |||
1013 | |||
1014 | /** | ||
1015 | * Exchange a token ticket for a token | ||
1016 | * | ||
1017 | * @param id identity provider service | ||
1018 | * @param ticket ticket to exchange | ||
1019 | * @param cont function to call once the operation finished | ||
1020 | * @param cont_cls closure for @a cont | ||
1021 | * @return handle to abort the operation | ||
1022 | */ | ||
1023 | struct GNUNET_IDENTITY_PROVIDER_Operation * | ||
1024 | GNUNET_IDENTITY_PROVIDER_exchange_ticket (struct GNUNET_IDENTITY_PROVIDER_Handle *id, | ||
1025 | const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, | ||
1026 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *aud_privkey, | ||
1027 | GNUNET_IDENTITY_PROVIDER_ExchangeCallback cont, | ||
1028 | void *cont_cls) | ||
1029 | { | ||
1030 | struct GNUNET_IDENTITY_PROVIDER_Operation *op; | ||
1031 | struct ExchangeMessage *em; | ||
1032 | size_t slen; | ||
1033 | char *ticket_str; | ||
1034 | |||
1035 | ticket_str = GNUNET_IDENTITY_PROVIDER_ticket_to_string (ticket); | ||
1036 | |||
1037 | slen = strlen (ticket_str) + 1; | ||
1038 | if (slen >= GNUNET_MAX_MESSAGE_SIZE - sizeof (struct ExchangeMessage)) | ||
1039 | { | ||
1040 | GNUNET_free (ticket_str); | ||
1041 | GNUNET_break (0); | ||
1042 | return NULL; | ||
1043 | } | ||
1044 | op = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_Operation); | ||
1045 | op->h = id; | ||
1046 | op->ex_cb = cont; | ||
1047 | op->cls = cont_cls; | ||
1048 | op->r_id = id->r_id_gen++; | ||
1049 | op->env = GNUNET_MQ_msg_extra (em, | ||
1050 | slen, | ||
1051 | GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_EXCHANGE); | ||
1052 | em->aud_privkey = *aud_privkey; | ||
1053 | em->id = htonl (op->r_id); | ||
1054 | GNUNET_memcpy (&em[1], ticket_str, slen); | ||
1055 | GNUNET_free (ticket_str); | ||
1056 | GNUNET_CONTAINER_DLL_insert_tail (id->op_head, | ||
1057 | id->op_tail, | ||
1058 | op); | ||
1059 | if (NULL != id->mq) | ||
1060 | GNUNET_MQ_send_copy (id->mq, | ||
1061 | op->env); | ||
1062 | return op; | ||
1063 | } | ||
1064 | |||
1065 | |||
1066 | /** | ||
1067 | * Cancel an operation. Note that the operation MAY still | 791 | * Cancel an operation. Note that the operation MAY still |
1068 | * be executed; this merely cancels the continuation; if the request | 792 | * be executed; this merely cancels the continuation; if the request |
1069 | * was already transmitted, the service may still choose to complete | 793 | * was already transmitted, the service may still choose to complete |
@@ -1108,80 +832,6 @@ GNUNET_IDENTITY_PROVIDER_disconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h) | |||
1108 | } | 832 | } |
1109 | 833 | ||
1110 | /** | 834 | /** |
1111 | * Convenience API | ||
1112 | */ | ||
1113 | |||
1114 | |||
1115 | /** | ||
1116 | * Destroy token | ||
1117 | * | ||
1118 | * @param token the token | ||
1119 | */ | ||
1120 | void | ||
1121 | GNUNET_IDENTITY_PROVIDER_token_destroy(struct GNUNET_IDENTITY_PROVIDER_Token *token) | ||
1122 | { | ||
1123 | GNUNET_assert (NULL != token); | ||
1124 | if (NULL != token->data) | ||
1125 | GNUNET_free (token->data); | ||
1126 | GNUNET_free (token); | ||
1127 | } | ||
1128 | |||
1129 | /** | ||
1130 | * Returns string representation of token. A JSON-Web-Token. | ||
1131 | * | ||
1132 | * @param token the token | ||
1133 | * @return The JWT (must be freed) | ||
1134 | */ | ||
1135 | char * | ||
1136 | GNUNET_IDENTITY_PROVIDER_token_to_string (const struct GNUNET_IDENTITY_PROVIDER_Token *token) | ||
1137 | { | ||
1138 | return GNUNET_strdup (token->data); | ||
1139 | } | ||
1140 | |||
1141 | /** | ||
1142 | * Returns string representation of ticket. Base64-Encoded | ||
1143 | * | ||
1144 | * @param ticket the ticket | ||
1145 | * @return the Base64-Encoded ticket | ||
1146 | */ | ||
1147 | char * | ||
1148 | GNUNET_IDENTITY_PROVIDER_ticket_to_string (const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket) | ||
1149 | { | ||
1150 | return GNUNET_strdup (ticket->data); | ||
1151 | } | ||
1152 | |||
1153 | /** | ||
1154 | * Created a ticket from a string (Base64 encoded ticket) | ||
1155 | * | ||
1156 | * @param input Base64 encoded ticket | ||
1157 | * @param ticket pointer where the ticket is stored | ||
1158 | * @return GNUNET_OK | ||
1159 | */ | ||
1160 | int | ||
1161 | GNUNET_IDENTITY_PROVIDER_string_to_ticket (const char* input, | ||
1162 | struct GNUNET_IDENTITY_PROVIDER_Ticket **ticket) | ||
1163 | { | ||
1164 | *ticket = GNUNET_malloc (sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket)); | ||
1165 | (*ticket)->data = GNUNET_strdup (input); | ||
1166 | return GNUNET_OK; | ||
1167 | } | ||
1168 | |||
1169 | |||
1170 | /** | ||
1171 | * Destroys a ticket | ||
1172 | * | ||
1173 | * @param ticket the ticket to destroy | ||
1174 | */ | ||
1175 | void | ||
1176 | GNUNET_IDENTITY_PROVIDER_ticket_destroy(struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket) | ||
1177 | { | ||
1178 | GNUNET_assert (NULL != ticket); | ||
1179 | if (NULL != ticket->data) | ||
1180 | GNUNET_free (ticket->data); | ||
1181 | GNUNET_free (ticket); | ||
1182 | } | ||
1183 | |||
1184 | /** | ||
1185 | * Store an attribute. If the attribute is already present, | 835 | * Store an attribute. If the attribute is already present, |
1186 | * it is replaced with the new attribute. | 836 | * it is replaced with the new attribute. |
1187 | * | 837 | * |
@@ -1428,7 +1078,7 @@ GNUNET_IDENTITY_PROVIDER_idp_ticket_issue (struct GNUNET_IDENTITY_PROVIDER_Handl | |||
1428 | struct GNUNET_IDENTITY_PROVIDER_Operation * | 1078 | struct GNUNET_IDENTITY_PROVIDER_Operation * |
1429 | GNUNET_IDENTITY_PROVIDER_rp_ticket_consume (struct GNUNET_IDENTITY_PROVIDER_Handle *h, | 1079 | GNUNET_IDENTITY_PROVIDER_rp_ticket_consume (struct GNUNET_IDENTITY_PROVIDER_Handle *h, |
1430 | const struct GNUNET_CRYPTO_EcdsaPrivateKey * identity, | 1080 | const struct GNUNET_CRYPTO_EcdsaPrivateKey * identity, |
1431 | const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket, | 1081 | const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, |
1432 | GNUNET_IDENTITY_PROVIDER_AttributeResult cb, | 1082 | GNUNET_IDENTITY_PROVIDER_AttributeResult cb, |
1433 | void *cb_cls) | 1083 | void *cb_cls) |
1434 | { | 1084 | { |
@@ -1444,14 +1094,14 @@ GNUNET_IDENTITY_PROVIDER_rp_ticket_consume (struct GNUNET_IDENTITY_PROVIDER_Hand | |||
1444 | h->op_tail, | 1094 | h->op_tail, |
1445 | op); | 1095 | op); |
1446 | op->env = GNUNET_MQ_msg_extra (ctm, | 1096 | op->env = GNUNET_MQ_msg_extra (ctm, |
1447 | sizeof (const struct GNUNET_IDENTITY_PROVIDER_Ticket2), | 1097 | sizeof (const struct GNUNET_IDENTITY_PROVIDER_Ticket), |
1448 | GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET); | 1098 | GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET); |
1449 | ctm->identity = *identity; | 1099 | ctm->identity = *identity; |
1450 | ctm->id = htonl (op->r_id); | 1100 | ctm->id = htonl (op->r_id); |
1451 | 1101 | ||
1452 | GNUNET_memcpy ((char*)&ctm[1], | 1102 | GNUNET_memcpy ((char*)&ctm[1], |
1453 | ticket, | 1103 | ticket, |
1454 | sizeof (const struct GNUNET_IDENTITY_PROVIDER_Ticket2)); | 1104 | sizeof (const struct GNUNET_IDENTITY_PROVIDER_Ticket)); |
1455 | 1105 | ||
1456 | if (NULL != h->mq) | 1106 | if (NULL != h->mq) |
1457 | GNUNET_MQ_send_copy (h->mq, | 1107 | GNUNET_MQ_send_copy (h->mq, |
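Review bot: The copy size in `GNUNET_IDENTITY_PROVIDER_rp_ticket_consume` is spelled as `sizeof (const struct GNUNET_IDENTITY_PROVIDER_Ticket)` twice (new lines 1097 and 1104); since this commit just swapped the wire type from `Ticket2`, tying both to the parameter with `sizeof (*ticket)` keeps the envelope size and the memcpy length in step with whatever `ticket` points at, and the `const` inside `sizeof` has no effect and can go. The ticket is copied byte-for-byte into the message, so the receiving side in `handle_ticket_result` (new lines 693 and 709), which casts `&msg[1]` to `struct GNUNET_IDENTITY_PROVIDER_Ticket *`, depends on `msg_len` (declared at new line 672) being checked against `sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket)` before the cast; that check is not visible in these hunks, and if the paired check handler does not enforce it a short message would be read past its end. A one-line comment above the memcpy, `/* ticket is sent in its raw in-memory layout; receiver must validate the length before casting */`, would document the contract. Both `handle_ticket_result` and `rp_ticket_consume` begin outside the hunks shown.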
diff --git a/src/identity-provider/identity_token.c b/src/identity-provider/identity_token.c deleted file mode 100644 index 6794e373c..000000000 --- a/src/identity-provider/identity_token.c +++ /dev/null | |||
@@ -1,1006 +0,0 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet | ||
3 | Copyright (C) 2010-2015 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software; you can redistribute it and/or modify | ||
6 | it under the terms of the GNU General Public License as published | ||
7 | by the Free Software Foundation; either version 3, or (at your | ||
8 | option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU General Public License | ||
16 | along with GNUnet; see the file COPYING. If not, write to the | ||
17 | Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, | ||
18 | Boston, MA 02110-1301, USA. | ||
19 | */ | ||
20 | |||
21 | /** | ||
22 | * @file identity-provider/identity_token.c | ||
23 | * @brief helper library to manage identity tokens | ||
24 | * @author Martin Schanzenbach | ||
25 | */ | ||
26 | #include "platform.h" | ||
27 | #include "gnunet_util_lib.h" | ||
28 | #include "gnunet_signatures.h" | ||
29 | #include "identity_token.h" | ||
30 | #include <jansson.h> | ||
31 | #include <inttypes.h> | ||
32 | |||
33 | #define JWT_ALG "alg" | ||
34 | |||
35 | #define JWT_ALG_VALUE "ED512" | ||
36 | |||
37 | #define JWT_TYP "typ" | ||
38 | |||
39 | #define JWT_TYP_VALUE "jwt" | ||
40 | |||
41 | /** | ||
42 | * Crypto helper functions | ||
43 | */ | ||
44 | |||
45 | static int | ||
46 | create_sym_key_from_ecdh(const struct GNUNET_HashCode *new_key_hash, | ||
47 | struct GNUNET_CRYPTO_SymmetricSessionKey *skey, | ||
48 | struct GNUNET_CRYPTO_SymmetricInitializationVector *iv) | ||
49 | { | ||
50 | struct GNUNET_CRYPTO_HashAsciiEncoded new_key_hash_str; | ||
51 | |||
52 | GNUNET_CRYPTO_hash_to_enc (new_key_hash, | ||
53 | &new_key_hash_str); | ||
54 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Creating symmetric rsa key from %s\n", (char*)&new_key_hash_str); | ||
55 | static const char ctx_key[] = "gnuid-aes-ctx-key"; | ||
56 | GNUNET_CRYPTO_kdf (skey, sizeof (struct GNUNET_CRYPTO_SymmetricSessionKey), | ||
57 | new_key_hash, sizeof (struct GNUNET_HashCode), | ||
58 | ctx_key, strlen (ctx_key), | ||
59 | NULL, 0); | ||
60 | static const char ctx_iv[] = "gnuid-aes-ctx-iv"; | ||
61 | GNUNET_CRYPTO_kdf (iv, sizeof (struct GNUNET_CRYPTO_SymmetricInitializationVector), | ||
62 | new_key_hash, sizeof (struct GNUNET_HashCode), | ||
63 | ctx_iv, strlen (ctx_iv), | ||
64 | NULL, 0); | ||
65 | return GNUNET_OK; | ||
66 | } | ||
67 | |||
68 | |||
69 | |||
70 | /** | ||
71 | * Decrypts data part from a token code | ||
72 | */ | ||
73 | static int | ||
74 | decrypt_str_ecdhe (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, | ||
75 | const struct GNUNET_CRYPTO_EcdhePublicKey *ecdh_key, | ||
76 | const char *cyphertext, | ||
77 | size_t cyphertext_len, | ||
78 | char **result_str) | ||
79 | { | ||
80 | struct GNUNET_HashCode new_key_hash; | ||
81 | struct GNUNET_CRYPTO_SymmetricSessionKey enc_key; | ||
82 | struct GNUNET_CRYPTO_SymmetricInitializationVector enc_iv; | ||
83 | |||
84 | char *str_buf = GNUNET_malloc (cyphertext_len); | ||
85 | size_t str_size; | ||
86 | |||
87 | //Calculate symmetric key from ecdh parameters | ||
88 | GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_ecdsa_ecdh (priv_key, | ||
89 | ecdh_key, | ||
90 | &new_key_hash)); | ||
91 | |||
92 | create_sym_key_from_ecdh (&new_key_hash, | ||
93 | &enc_key, | ||
94 | &enc_iv); | ||
95 | |||
96 | str_size = GNUNET_CRYPTO_symmetric_decrypt (cyphertext, | ||
97 | cyphertext_len, | ||
98 | &enc_key, | ||
99 | &enc_iv, | ||
100 | str_buf); | ||
101 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
102 | "Decrypted bytes: %zd Expected bytes: %zd\n", | ||
103 | str_size, | ||
104 | cyphertext_len); | ||
105 | if (-1 == str_size) | ||
106 | { | ||
107 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "ECDH invalid\n"); | ||
108 | GNUNET_free (str_buf); | ||
109 | return GNUNET_SYSERR; | ||
110 | } | ||
111 | *result_str = GNUNET_malloc (str_size+1); | ||
112 | GNUNET_memcpy (*result_str, str_buf, str_size); | ||
113 | (*result_str)[str_size] = '\0'; | ||
114 | GNUNET_free (str_buf); | ||
115 | return GNUNET_OK; | ||
116 | |||
117 | } | ||
118 | |||
119 | /** | ||
120 | * Decrypt string using pubkey and ECDHE | ||
121 | */ | ||
122 | static int | ||
123 | decrypt_str_ecdhe2 (const struct GNUNET_CRYPTO_EcdhePrivateKey *ecdh_privkey, | ||
124 | const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, | ||
125 | const char *ciphertext, | ||
126 | size_t ciphertext_len, | ||
127 | char **plaintext) | ||
128 | { | ||
129 | struct GNUNET_CRYPTO_SymmetricSessionKey skey; | ||
130 | struct GNUNET_CRYPTO_SymmetricInitializationVector iv; | ||
131 | struct GNUNET_HashCode new_key_hash; | ||
132 | |||
133 | //This is true see documentation for GNUNET_CRYPTO_symmetric_encrypt | ||
134 | *plaintext = GNUNET_malloc (ciphertext_len); | ||
135 | |||
136 | // Derived key K = H(eB) | ||
137 | GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_ecdh_ecdsa (ecdh_privkey, | ||
138 | aud_key, | ||
139 | &new_key_hash)); | ||
140 | create_sym_key_from_ecdh(&new_key_hash, &skey, &iv); | ||
141 | GNUNET_CRYPTO_symmetric_decrypt (ciphertext, | ||
142 | ciphertext_len, | ||
143 | &skey, &iv, | ||
144 | *plaintext); | ||
145 | return GNUNET_OK; | ||
146 | } | ||
147 | |||
148 | |||
149 | /** | ||
150 | * Encrypt string using pubkey and ECDHE | ||
151 | * Returns ECDHE pubkey to be used for decryption | ||
152 | */ | ||
153 | static int | ||
154 | encrypt_str_ecdhe (const char *plaintext, | ||
155 | const struct GNUNET_CRYPTO_EcdsaPublicKey *pub_key, | ||
156 | char **cyphertext, | ||
157 | struct GNUNET_CRYPTO_EcdhePrivateKey **ecdh_privkey, | ||
158 | struct GNUNET_CRYPTO_EcdhePublicKey *ecdh_pubkey) | ||
159 | { | ||
160 | struct GNUNET_CRYPTO_SymmetricSessionKey skey; | ||
161 | struct GNUNET_CRYPTO_SymmetricInitializationVector iv; | ||
162 | struct GNUNET_HashCode new_key_hash; | ||
163 | ssize_t enc_size; | ||
164 | |||
165 | // ECDH keypair E = eG | ||
166 | *ecdh_privkey = GNUNET_CRYPTO_ecdhe_key_create(); | ||
167 | GNUNET_CRYPTO_ecdhe_key_get_public (*ecdh_privkey, | ||
168 | ecdh_pubkey); | ||
169 | |||
170 | //This is true see documentation for GNUNET_CRYPTO_symmetric_encrypt | ||
171 | *cyphertext = GNUNET_malloc (strlen (plaintext)); | ||
172 | |||
173 | // Derived key K = H(eB) | ||
174 | GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_ecdh_ecdsa (*ecdh_privkey, | ||
175 | pub_key, | ||
176 | &new_key_hash)); | ||
177 | create_sym_key_from_ecdh(&new_key_hash, &skey, &iv); | ||
178 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Encrypting string %s\n (len=%zd)", | ||
179 | plaintext, | ||
180 | strlen (plaintext)); | ||
181 | enc_size = GNUNET_CRYPTO_symmetric_encrypt (plaintext, | ||
182 | strlen (plaintext), | ||
183 | &skey, &iv, | ||
184 | *cyphertext); | ||
185 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Encrypted (len=%zd)", enc_size); | ||
186 | return GNUNET_OK; | ||
187 | } | ||
188 | |||
189 | |||
190 | /** | ||
191 | * Identity Token API | ||
192 | */ | ||
193 | |||
194 | |||
195 | /** | ||
196 | * Create an Identity Token | ||
197 | * | ||
198 | * @param type the JSON API resource type | ||
199 | * @param id the JSON API resource id | ||
200 | * @return a new JSON API resource or NULL on error. | ||
201 | */ | ||
202 | struct IdentityToken* | ||
203 | token_create (const struct GNUNET_CRYPTO_EcdsaPublicKey* iss, | ||
204 | const struct GNUNET_CRYPTO_EcdsaPublicKey* aud) | ||
205 | { | ||
206 | struct IdentityToken *token; | ||
207 | char* audience; | ||
208 | char* issuer; | ||
209 | |||
210 | issuer = GNUNET_STRINGS_data_to_string_alloc (iss, | ||
211 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); | ||
212 | audience = GNUNET_STRINGS_data_to_string_alloc (aud, | ||
213 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); | ||
214 | |||
215 | token = GNUNET_malloc (sizeof (struct IdentityToken)); | ||
216 | token_add_attr (token, "iss", issuer); | ||
217 | token_add_attr (token, "aud", audience); | ||
218 | token_add_attr (token, "sub", issuer); | ||
219 | token->aud_key = *aud; | ||
220 | GNUNET_free (issuer); | ||
221 | GNUNET_free (audience); | ||
222 | return token; | ||
223 | } | ||
224 | |||
225 | void | ||
226 | token_destroy (struct IdentityToken *token) | ||
227 | { | ||
228 | struct TokenAttr *attr; | ||
229 | struct TokenAttr *tmp_attr; | ||
230 | struct TokenAttrValue *val; | ||
231 | struct TokenAttrValue *tmp_val; | ||
232 | |||
233 | for (attr = token->attr_head; NULL != attr;) | ||
234 | { | ||
235 | tmp_attr = attr->next; | ||
236 | GNUNET_CONTAINER_DLL_remove (token->attr_head, | ||
237 | token->attr_tail, | ||
238 | attr); | ||
239 | for (val = attr->val_head; NULL != val;) | ||
240 | { | ||
241 | tmp_val = val->next; | ||
242 | GNUNET_CONTAINER_DLL_remove (attr->val_head, | ||
243 | attr->val_tail, | ||
244 | val); | ||
245 | if (NULL != val->value) | ||
246 | GNUNET_free (val->value); | ||
247 | GNUNET_free (val); | ||
248 | val = tmp_val; | ||
249 | } | ||
250 | GNUNET_free (attr->name); | ||
251 | GNUNET_free (attr); | ||
252 | attr = tmp_attr; | ||
253 | } | ||
254 | |||
255 | |||
256 | GNUNET_free (token); | ||
257 | } | ||
258 | |||
259 | void | ||
260 | token_add_attr_json (struct IdentityToken *token, | ||
261 | const char* key, | ||
262 | json_t* value) | ||
263 | { | ||
264 | struct TokenAttr *attr; | ||
265 | struct TokenAttrValue *new_val; | ||
266 | GNUNET_assert (NULL != token); | ||
267 | |||
268 | new_val = GNUNET_malloc (sizeof (struct TokenAttrValue)); | ||
269 | new_val->json_value = value; | ||
270 | json_incref(value); | ||
271 | for (attr = token->attr_head; NULL != attr; attr = attr->next) | ||
272 | { | ||
273 | if (0 == strcmp (key, attr->name)) | ||
274 | break; | ||
275 | } | ||
276 | |||
277 | if (NULL == attr) | ||
278 | { | ||
279 | attr = GNUNET_malloc (sizeof (struct TokenAttr)); | ||
280 | attr->name = GNUNET_strdup (key); | ||
281 | GNUNET_CONTAINER_DLL_insert (token->attr_head, | ||
282 | token->attr_tail, | ||
283 | attr); | ||
284 | } | ||
285 | |||
286 | GNUNET_CONTAINER_DLL_insert (attr->val_head, | ||
287 | attr->val_tail, | ||
288 | new_val); | ||
289 | } | ||
290 | |||
291 | void | ||
292 | token_add_attr (struct IdentityToken *token, | ||
293 | const char* key, | ||
294 | const char* value) | ||
295 | { | ||
296 | struct TokenAttr *attr; | ||
297 | struct TokenAttrValue *new_val; | ||
298 | GNUNET_assert (NULL != token); | ||
299 | |||
300 | new_val = GNUNET_malloc (sizeof (struct TokenAttrValue)); | ||
301 | new_val->value = GNUNET_strdup (value); | ||
302 | for (attr = token->attr_head; NULL != attr; attr = attr->next) | ||
303 | { | ||
304 | if (0 == strcmp (key, attr->name)) | ||
305 | break; | ||
306 | } | ||
307 | |||
308 | if (NULL == attr) | ||
309 | { | ||
310 | attr = GNUNET_malloc (sizeof (struct TokenAttr)); | ||
311 | attr->name = GNUNET_strdup (key); | ||
312 | GNUNET_CONTAINER_DLL_insert (token->attr_head, | ||
313 | token->attr_tail, | ||
314 | attr); | ||
315 | } | ||
316 | |||
317 | GNUNET_CONTAINER_DLL_insert (attr->val_head, | ||
318 | attr->val_tail, | ||
319 | new_val); | ||
320 | } | ||
321 | |||
322 | void | ||
323 | token_add_attr_int (struct IdentityToken *token, | ||
324 | const char* key, | ||
325 | uint64_t value) | ||
326 | { | ||
327 | struct TokenAttr *attr; | ||
328 | struct TokenAttrValue *new_val; | ||
329 | GNUNET_assert (NULL != token); | ||
330 | |||
331 | new_val = GNUNET_malloc (sizeof (struct TokenAttrValue)); | ||
332 | new_val->int_value = value; | ||
333 | for (attr = token->attr_head; NULL != attr; attr = attr->next) | ||
334 | { | ||
335 | if (0 == strcmp (key, attr->name)) | ||
336 | break; | ||
337 | } | ||
338 | |||
339 | if (NULL == attr) | ||
340 | { | ||
341 | attr = GNUNET_malloc (sizeof (struct TokenAttr)); | ||
342 | attr->name = GNUNET_strdup (key); | ||
343 | GNUNET_CONTAINER_DLL_insert (token->attr_head, | ||
344 | token->attr_tail, | ||
345 | attr); | ||
346 | } | ||
347 | |||
348 | GNUNET_CONTAINER_DLL_insert (attr->val_head, | ||
349 | attr->val_tail, | ||
350 | new_val); | ||
351 | } | ||
352 | |||
353 | static void | ||
354 | parse_json_payload(const char* payload_base64, | ||
355 | struct IdentityToken *token) | ||
356 | { | ||
357 | const char *key; | ||
358 | const json_t *value; | ||
359 | const json_t *arr_value; | ||
360 | char *payload; | ||
361 | int idx; | ||
362 | json_t *payload_json; | ||
363 | json_error_t err_json; | ||
364 | |||
365 | GNUNET_STRINGS_base64_decode (payload_base64, | ||
366 | strlen (payload_base64), | ||
367 | &payload); | ||
368 | //TODO signature and aud key | ||
369 | payload_json = json_loads (payload, JSON_DECODE_ANY, &err_json); | ||
370 | |||
371 | json_object_foreach (payload_json, key, value) | ||
372 | { | ||
373 | if (json_is_array (value)) | ||
374 | { | ||
375 | json_array_foreach (value, idx, arr_value) | ||
376 | { | ||
377 | if (json_is_integer (arr_value)) | ||
378 | token_add_attr_int (token, key, | ||
379 | json_integer_value (arr_value)); | ||
380 | else if (json_is_string (arr_value)) | ||
381 | token_add_attr (token, | ||
382 | key, | ||
383 | json_string_value (arr_value)); | ||
384 | else | ||
385 | token_add_attr_json (token, | ||
386 | key, | ||
387 | (json_t*)arr_value); | ||
388 | } | ||
389 | } else { | ||
390 | if (json_is_integer (value)) | ||
391 | token_add_attr_int (token, key, | ||
392 | json_integer_value (value)); | ||
393 | else if (json_is_string (value)) | ||
394 | token_add_attr (token, key, json_string_value (value)); | ||
395 | else | ||
396 | token_add_attr_json (token, key, (json_t*)value); | ||
397 | } | ||
398 | } | ||
399 | |||
400 | json_decref (payload_json); | ||
401 | GNUNET_free (payload); | ||
402 | } | ||
403 | |||
404 | int | ||
405 | token_parse2 (const char* raw_data, | ||
406 | const struct GNUNET_CRYPTO_EcdhePrivateKey *priv_key, | ||
407 | const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, | ||
408 | struct IdentityToken **result) | ||
409 | { | ||
410 | char *enc_token_str; | ||
411 | char *tmp_buf; | ||
412 | char *token_str; | ||
413 | char *enc_token; | ||
414 | char *payload_base64; | ||
415 | size_t enc_token_len; | ||
416 | |||
417 | GNUNET_asprintf (&tmp_buf, "%s", raw_data); | ||
418 | strtok (tmp_buf, ","); | ||
419 | enc_token_str = strtok (NULL, ","); | ||
420 | |||
421 | enc_token_len = GNUNET_STRINGS_base64_decode (enc_token_str, | ||
422 | strlen (enc_token_str), | ||
423 | &enc_token); | ||
424 | if (GNUNET_OK != decrypt_str_ecdhe2 (priv_key, | ||
425 | aud_key, | ||
426 | enc_token, | ||
427 | enc_token_len, | ||
428 | &token_str)) | ||
429 | { | ||
430 | GNUNET_free (tmp_buf); | ||
431 | GNUNET_free (enc_token); | ||
432 | return GNUNET_SYSERR; | ||
433 | } | ||
434 | |||
435 | GNUNET_assert (NULL != strtok (token_str, ".")); | ||
436 | payload_base64 = strtok (NULL, "."); | ||
437 | |||
438 | *result = GNUNET_malloc (sizeof (struct IdentityToken)); | ||
439 | parse_json_payload (payload_base64, *result); | ||
440 | |||
441 | (*result)->aud_key = *aud_key; | ||
442 | GNUNET_free (enc_token); | ||
443 | GNUNET_free (token_str); | ||
444 | GNUNET_free (tmp_buf); | ||
445 | return GNUNET_OK; | ||
446 | } | ||
447 | |||
448 | int | ||
449 | token_parse (const char* raw_data, | ||
450 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, | ||
451 | struct IdentityToken **result) | ||
452 | { | ||
453 | char *ecdh_pubkey_str; | ||
454 | char *enc_token_str; | ||
455 | char *tmp_buf; | ||
456 | char *token_str; | ||
457 | char *enc_token; | ||
458 | char *payload_base64; | ||
459 | size_t enc_token_len; | ||
460 | struct GNUNET_CRYPTO_EcdhePublicKey ecdh_pubkey; | ||
461 | |||
462 | GNUNET_asprintf (&tmp_buf, "%s", raw_data); | ||
463 | ecdh_pubkey_str = strtok (tmp_buf, ","); | ||
464 | enc_token_str = strtok (NULL, ","); | ||
465 | |||
466 | GNUNET_assert (NULL != ecdh_pubkey_str); | ||
467 | GNUNET_assert (NULL != enc_token_str); | ||
468 | |||
469 | GNUNET_STRINGS_string_to_data (ecdh_pubkey_str, | ||
470 | strlen (ecdh_pubkey_str), | ||
471 | &ecdh_pubkey, | ||
472 | sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); | ||
473 | enc_token_len = GNUNET_STRINGS_base64_decode (enc_token_str, | ||
474 | strlen (enc_token_str), | ||
475 | &enc_token); | ||
476 | if (GNUNET_OK != decrypt_str_ecdhe (priv_key, | ||
477 | &ecdh_pubkey, | ||
478 | enc_token, | ||
479 | enc_token_len, | ||
480 | &token_str)) | ||
481 | { | ||
482 | GNUNET_free (tmp_buf); | ||
483 | GNUNET_free (enc_token); | ||
484 | return GNUNET_SYSERR; | ||
485 | } | ||
486 | |||
487 | GNUNET_assert (NULL != strtok (token_str, ".")); | ||
488 | payload_base64 = strtok (NULL, "."); | ||
489 | |||
490 | *result = GNUNET_malloc (sizeof (struct IdentityToken)); | ||
491 | parse_json_payload (payload_base64, *result); | ||
492 | |||
493 | GNUNET_free (enc_token); | ||
494 | GNUNET_free (token_str); | ||
495 | GNUNET_free (tmp_buf); | ||
496 | return GNUNET_OK; | ||
497 | } | ||
498 | |||
499 | static char* | ||
500 | create_json_payload (const struct IdentityToken *token) | ||
501 | { | ||
502 | struct TokenAttr *attr; | ||
503 | struct TokenAttrValue *val; | ||
504 | json_t *root; | ||
505 | char *json_str; | ||
506 | |||
507 | root = json_object(); | ||
508 | for (attr = token->attr_head; NULL != attr; attr = attr->next) | ||
509 | { | ||
510 | for (val = attr->val_head; NULL != val; val = val->next) | ||
511 | { | ||
512 | if (NULL != val->value) | ||
513 | { | ||
514 | json_object_set_new (root, | ||
515 | attr->name, | ||
516 | json_string (val->value)); | ||
517 | } else if (NULL != val->json_value) { | ||
518 | json_object_set (root, | ||
519 | attr->name, | ||
520 | val->json_value); | ||
521 | }else { | ||
522 | json_object_set_new (root, | ||
523 | attr->name, | ||
524 | json_integer (val->int_value)); | ||
525 | } | ||
526 | } | ||
527 | } | ||
528 | json_str = json_dumps (root, JSON_INDENT(1)); | ||
529 | json_decref (root); | ||
530 | return json_str; | ||
531 | } | ||
532 | |||
533 | static char* | ||
534 | create_json_header(void) | ||
535 | { | ||
536 | json_t *root; | ||
537 | char *json_str; | ||
538 | |||
539 | root = json_object (); | ||
540 | json_object_set_new (root, JWT_ALG, json_string (JWT_ALG_VALUE)); | ||
541 | json_object_set_new (root, JWT_TYP, json_string (JWT_TYP_VALUE)); | ||
542 | |||
543 | json_str = json_dumps (root, JSON_INDENT(1)); | ||
544 | json_decref (root); | ||
545 | return json_str; | ||
546 | } | ||
547 | |||
548 | int | ||
549 | token_to_string (const struct IdentityToken *token, | ||
550 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, | ||
551 | char **result) | ||
552 | { | ||
553 | char *payload_str; | ||
554 | char *header_str; | ||
555 | char *payload_base64; | ||
556 | char *header_base64; | ||
557 | char *padding; | ||
558 | char *signature_target; | ||
559 | char *signature_str; | ||
560 | struct GNUNET_CRYPTO_EccSignaturePurpose *purpose; | ||
561 | header_str = create_json_header(); | ||
562 | GNUNET_STRINGS_base64_encode (header_str, | ||
563 | strlen (header_str), | ||
564 | &header_base64); | ||
565 | //Remove GNUNET padding of base64 | ||
566 | padding = strtok(header_base64, "="); | ||
567 | while (NULL != padding) | ||
568 | padding = strtok(NULL, "="); | ||
569 | |||
570 | payload_str = create_json_payload (token); | ||
571 | GNUNET_STRINGS_base64_encode (payload_str, | ||
572 | strlen (payload_str), | ||
573 | &payload_base64); | ||
574 | |||
575 | //Remove GNUNET padding of base64 | ||
576 | padding = strtok(payload_base64, "="); | ||
577 | while (NULL != padding) | ||
578 | padding = strtok(NULL, "="); | ||
579 | |||
580 | GNUNET_asprintf (&signature_target, "%s,%s", header_base64, payload_base64); | ||
581 | purpose = | ||
582 | GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + | ||
583 | strlen (signature_target)); | ||
584 | purpose->size = | ||
585 | htonl (strlen (signature_target) + sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose)); | ||
586 | purpose->purpose = htonl(GNUNET_SIGNATURE_PURPOSE_GNUID_TOKEN); | ||
587 | GNUNET_memcpy (&purpose[1], signature_target, strlen (signature_target)); | ||
588 | if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_sign (priv_key, | ||
589 | purpose, | ||
590 | (struct GNUNET_CRYPTO_EcdsaSignature *)&token->signature)) | ||
591 | { | ||
592 | GNUNET_free (signature_target); | ||
593 | GNUNET_free (payload_str); | ||
594 | GNUNET_free (payload_base64); | ||
595 | GNUNET_free (header_base64); | ||
596 | GNUNET_free (purpose); | ||
597 | return GNUNET_SYSERR; | ||
598 | } | ||
599 | |||
600 | GNUNET_STRINGS_base64_encode ((const char*)&token->signature, | ||
601 | sizeof (struct GNUNET_CRYPTO_EcdsaSignature), | ||
602 | &signature_str); | ||
603 | GNUNET_asprintf (result, "%s.%s.%s", | ||
604 | header_base64, payload_base64, signature_str); | ||
605 | GNUNET_free (signature_target); | ||
606 | GNUNET_free (payload_str); | ||
607 | GNUNET_free (header_str); | ||
608 | GNUNET_free (signature_str); | ||
609 | GNUNET_free (payload_base64); | ||
610 | GNUNET_free (header_base64); | ||
611 | GNUNET_free (purpose); | ||
612 | return GNUNET_OK; | ||
613 | } | ||
614 | |||
615 | int | ||
616 | token_serialize (const struct IdentityToken *token, | ||
617 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, | ||
618 | struct GNUNET_CRYPTO_EcdhePrivateKey **ecdh_privkey, | ||
619 | char **result) | ||
620 | { | ||
621 | char *token_str; | ||
622 | char *enc_token; | ||
623 | char *dh_key_str; | ||
624 | char *enc_token_base64; | ||
625 | struct GNUNET_CRYPTO_EcdhePublicKey ecdh_pubkey; | ||
626 | |||
627 | GNUNET_assert (GNUNET_OK == token_to_string (token, | ||
628 | priv_key, | ||
629 | &token_str)); | ||
630 | |||
631 | GNUNET_assert (GNUNET_OK == encrypt_str_ecdhe (token_str, | ||
632 | &token->aud_key, | ||
633 | &enc_token, | ||
634 | ecdh_privkey, | ||
635 | &ecdh_pubkey)); | ||
636 | GNUNET_STRINGS_base64_encode (enc_token, | ||
637 | strlen (token_str), | ||
638 | &enc_token_base64); | ||
639 | dh_key_str = GNUNET_STRINGS_data_to_string_alloc (&ecdh_pubkey, | ||
640 | sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); | ||
641 | GNUNET_asprintf (result, "%s,%s", dh_key_str, enc_token_base64); | ||
642 | GNUNET_free (dh_key_str); | ||
643 | GNUNET_free (enc_token_base64); | ||
644 | GNUNET_free (enc_token); | ||
645 | GNUNET_free (token_str); | ||
646 | return GNUNET_OK; | ||
647 | } | ||
648 | |||
649 | struct TokenTicketPayload* | ||
650 | ticket_payload_create (uint64_t nonce, | ||
651 | const struct GNUNET_CRYPTO_EcdsaPublicKey* identity_pkey, | ||
652 | const char* lbl_str) | ||
653 | { | ||
654 | struct TokenTicketPayload* payload; | ||
655 | |||
656 | payload = GNUNET_malloc (sizeof (struct TokenTicketPayload)); | ||
657 | payload->nonce = nonce; | ||
658 | payload->identity_key = *identity_pkey; | ||
659 | GNUNET_asprintf (&payload->label, lbl_str, strlen (lbl_str)); | ||
660 | return payload; | ||
661 | } | ||
662 | |||
663 | void | ||
664 | ticket_payload_destroy (struct TokenTicketPayload* payload) | ||
665 | { | ||
666 | if (NULL != payload->label) | ||
667 | GNUNET_free (payload->label); | ||
668 | GNUNET_free (payload); | ||
669 | } | ||
670 | |||
671 | void | ||
672 | ticket_payload_serialize (struct TokenTicketPayload *payload, | ||
673 | char **result) | ||
674 | { | ||
675 | char* identity_key_str; | ||
676 | |||
677 | identity_key_str = GNUNET_STRINGS_data_to_string_alloc (&payload->identity_key, | ||
678 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); | ||
679 | |||
680 | GNUNET_asprintf (result, | ||
681 | "{\"nonce\": \"%"SCNu64"\",\"identity\": \"%s\",\"label\": \"%s\"}", | ||
682 | payload->nonce, identity_key_str, payload->label); | ||
683 | GNUNET_free (identity_key_str); | ||
684 | |||
685 | } | ||
686 | |||
687 | |||
688 | /** | ||
689 | * Create the token code | ||
690 | * The data is encrypted with a share ECDH derived secret using B (aud_key) | ||
691 | * and e (ecdh_privkey) | ||
692 | * The ticket also contains E (ecdh_pubkey) and a signature over the | ||
693 | * data and E | ||
694 | */ | ||
695 | struct TokenTicket* | ||
696 | ticket_create (uint64_t nonce, | ||
697 | const struct GNUNET_CRYPTO_EcdsaPublicKey* identity_pkey, | ||
698 | const char* lbl_str, | ||
699 | const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key) | ||
700 | { | ||
701 | struct TokenTicket *ticket; | ||
702 | struct TokenTicketPayload *code_payload; | ||
703 | |||
704 | ticket = GNUNET_malloc (sizeof (struct TokenTicket)); | ||
705 | code_payload = ticket_payload_create (nonce, | ||
706 | identity_pkey, | ||
707 | lbl_str); | ||
708 | ticket->aud_key = *aud_key; | ||
709 | ticket->payload = code_payload; | ||
710 | |||
711 | |||
712 | return ticket; | ||
713 | } | ||
714 | |||
715 | void | ||
716 | ticket_destroy (struct TokenTicket *ticket) | ||
717 | { | ||
718 | ticket_payload_destroy (ticket->payload); | ||
719 | GNUNET_free (ticket); | ||
720 | } | ||
721 | |||
722 | int | ||
723 | ticket_serialize (struct TokenTicket *ticket, | ||
724 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, | ||
725 | char **result) | ||
726 | { | ||
727 | char *code_payload_str; | ||
728 | char *enc_ticket_payload; | ||
729 | char *ticket_payload_str; | ||
730 | char *ticket_sig_str; | ||
731 | char *ticket_str; | ||
732 | char *dh_key_str; | ||
733 | char *write_ptr; | ||
734 | struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey; | ||
735 | |||
736 | struct GNUNET_CRYPTO_EccSignaturePurpose *purpose; | ||
737 | |||
738 | ticket_payload_serialize (ticket->payload, | ||
739 | &code_payload_str); | ||
740 | |||
741 | GNUNET_assert (GNUNET_OK == encrypt_str_ecdhe (code_payload_str, | ||
742 | &ticket->aud_key, | ||
743 | &enc_ticket_payload, | ||
744 | &ecdhe_privkey, | ||
745 | &ticket->ecdh_pubkey)); | ||
746 | |||
747 | GNUNET_free (ecdhe_privkey); | ||
748 | |||
749 | purpose = | ||
750 | GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + | ||
751 | sizeof (struct GNUNET_CRYPTO_EcdhePublicKey) + //E | ||
752 | strlen (code_payload_str)); // E_K (code_str) | ||
753 | purpose->size = | ||
754 | htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + | ||
755 | sizeof (struct GNUNET_CRYPTO_EcdhePublicKey) + | ||
756 | strlen (code_payload_str)); | ||
757 | purpose->purpose = htonl(GNUNET_SIGNATURE_PURPOSE_GNUID_TICKET); | ||
758 | write_ptr = (char*) &purpose[1]; | ||
759 | GNUNET_memcpy (write_ptr, | ||
760 | &ticket->ecdh_pubkey, | ||
761 | sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); | ||
762 | write_ptr += sizeof (struct GNUNET_CRYPTO_EcdhePublicKey); | ||
763 | GNUNET_memcpy (write_ptr, enc_ticket_payload, strlen (code_payload_str)); | ||
764 | GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_ecdsa_sign (priv_key, | ||
765 | purpose, | ||
766 | &ticket->signature)); | ||
767 | GNUNET_STRINGS_base64_encode (enc_ticket_payload, | ||
768 | strlen (code_payload_str), | ||
769 | &ticket_payload_str); | ||
770 | ticket_sig_str = GNUNET_STRINGS_data_to_string_alloc (&ticket->signature, | ||
771 | sizeof (struct GNUNET_CRYPTO_EcdsaSignature)); | ||
772 | |||
773 | dh_key_str = GNUNET_STRINGS_data_to_string_alloc (&ticket->ecdh_pubkey, | ||
774 | sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); | ||
775 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Using ECDH pubkey %s to encrypt\n", dh_key_str); | ||
776 | GNUNET_asprintf (&ticket_str, "{\"data\": \"%s\", \"ecdh\": \"%s\", \"signature\": \"%s\"}", | ||
777 | ticket_payload_str, dh_key_str, ticket_sig_str); | ||
778 | GNUNET_STRINGS_base64_encode (ticket_str, strlen (ticket_str), result); | ||
779 | GNUNET_free (dh_key_str); | ||
780 | GNUNET_free (purpose); | ||
781 | GNUNET_free (ticket_str); | ||
782 | GNUNET_free (ticket_sig_str); | ||
783 | GNUNET_free (code_payload_str); | ||
784 | GNUNET_free (enc_ticket_payload); | ||
785 | GNUNET_free (ticket_payload_str); | ||
786 | return GNUNET_OK; | ||
787 | } | ||
788 | |||
789 | int | ||
790 | ticket_payload_parse(const char *raw_data, | ||
791 | ssize_t data_len, | ||
792 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, | ||
793 | const struct GNUNET_CRYPTO_EcdhePublicKey *ecdhe_pkey, | ||
794 | struct TokenTicketPayload **result) | ||
795 | { | ||
796 | const char* label_str; | ||
797 | const char* nonce_str; | ||
798 | const char* identity_key_str; | ||
799 | |||
800 | json_t *root; | ||
801 | json_t *label_json; | ||
802 | json_t *identity_json; | ||
803 | json_t *nonce_json; | ||
804 | json_error_t err_json; | ||
805 | char* data_str; | ||
806 | uint64_t nonce; | ||
807 | struct GNUNET_CRYPTO_EcdsaPublicKey id_pkey; | ||
808 | |||
809 | if (GNUNET_OK != decrypt_str_ecdhe (priv_key, | ||
810 | ecdhe_pkey, | ||
811 | raw_data, | ||
812 | data_len, | ||
813 | &data_str)) | ||
814 | { | ||
815 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Data decryption failed\n"); | ||
816 | return GNUNET_SYSERR; | ||
817 | } | ||
818 | |||
819 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Data: %s\n", data_str); | ||
820 | root = json_loads (data_str, JSON_DECODE_ANY, &err_json); | ||
821 | if (!root) | ||
822 | { | ||
823 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
824 | "Error parsing data: %s\n", err_json.text); | ||
825 | GNUNET_free (data_str); | ||
826 | return GNUNET_SYSERR; | ||
827 | } | ||
828 | |||
829 | identity_json = json_object_get (root, "identity"); | ||
830 | if (!json_is_string (identity_json)) | ||
831 | { | ||
832 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
833 | "Error parsing data: %s\n", err_json.text); | ||
834 | json_decref (root); | ||
835 | GNUNET_free (data_str); | ||
836 | return GNUNET_SYSERR; | ||
837 | } | ||
838 | identity_key_str = json_string_value (identity_json); | ||
839 | GNUNET_STRINGS_string_to_data (identity_key_str, | ||
840 | strlen (identity_key_str), | ||
841 | &id_pkey, | ||
842 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); | ||
843 | |||
844 | |||
845 | label_json = json_object_get (root, "label"); | ||
846 | if (!json_is_string (label_json)) | ||
847 | { | ||
848 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
849 | "Error parsing data: %s\n", err_json.text); | ||
850 | json_decref (root); | ||
851 | GNUNET_free (data_str); | ||
852 | return GNUNET_SYSERR; | ||
853 | } | ||
854 | |||
855 | label_str = json_string_value (label_json); | ||
856 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Found label: %s\n", label_str); | ||
857 | |||
858 | nonce_json = json_object_get (root, "nonce"); | ||
859 | if (!json_is_string (label_json)) | ||
860 | { | ||
861 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
862 | "Error parsing data: %s\n", err_json.text); | ||
863 | json_decref (root); | ||
864 | GNUNET_free (data_str); | ||
865 | return GNUNET_SYSERR; | ||
866 | } | ||
867 | |||
868 | nonce_str = json_string_value (nonce_json); | ||
869 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Found nonce: %s\n", nonce_str); | ||
870 | |||
871 | GNUNET_assert (0 != sscanf (nonce_str, "%"SCNu64, &nonce)); | ||
872 | |||
873 | *result = ticket_payload_create (nonce, | ||
874 | (const struct GNUNET_CRYPTO_EcdsaPublicKey*)&id_pkey, | ||
875 | label_str); | ||
876 | GNUNET_free (data_str); | ||
877 | json_decref (root); | ||
878 | return GNUNET_OK; | ||
879 | |||
880 | } | ||
881 | |||
882 | int | ||
883 | ticket_parse (const char *raw_data, | ||
884 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, | ||
885 | struct TokenTicket **result) | ||
886 | { | ||
887 | const char* enc_data_str; | ||
888 | const char* ecdh_enc_str; | ||
889 | const char* signature_enc_str; | ||
890 | |||
891 | json_t *root; | ||
892 | json_t *signature_json; | ||
893 | json_t *ecdh_json; | ||
894 | json_t *enc_data_json; | ||
895 | json_error_t err_json; | ||
896 | char* enc_data; | ||
897 | char* ticket_decoded; | ||
898 | char* write_ptr; | ||
899 | size_t enc_data_len; | ||
900 | struct GNUNET_CRYPTO_EccSignaturePurpose *purpose; | ||
901 | struct TokenTicket *ticket; | ||
902 | struct TokenTicketPayload *ticket_payload; | ||
903 | |||
904 | ticket_decoded = NULL; | ||
905 | GNUNET_STRINGS_base64_decode (raw_data, strlen (raw_data), &ticket_decoded); | ||
906 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Ticket: %s\n", ticket_decoded); | ||
907 | root = json_loads (ticket_decoded, JSON_DECODE_ANY, &err_json); | ||
908 | if (!root) | ||
909 | { | ||
910 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
911 | "%s\n", err_json.text); | ||
912 | return GNUNET_SYSERR; | ||
913 | } | ||
914 | |||
915 | signature_json = json_object_get (root, "signature"); | ||
916 | ecdh_json = json_object_get (root, "ecdh"); | ||
917 | enc_data_json = json_object_get (root, "data"); | ||
918 | |||
919 | signature_enc_str = json_string_value (signature_json); | ||
920 | ecdh_enc_str = json_string_value (ecdh_json); | ||
921 | enc_data_str = json_string_value (enc_data_json); | ||
922 | |||
923 | ticket = GNUNET_malloc (sizeof (struct TokenTicket)); | ||
924 | |||
925 | if (GNUNET_OK != GNUNET_STRINGS_string_to_data (ecdh_enc_str, | ||
926 | strlen (ecdh_enc_str), | ||
927 | &ticket->ecdh_pubkey, | ||
928 | sizeof (struct GNUNET_CRYPTO_EcdhePublicKey))) | ||
929 | { | ||
930 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "ECDH PKEY %s invalid in data\n", ecdh_enc_str); | ||
931 | json_decref (root); | ||
932 | GNUNET_free (ticket); | ||
933 | return GNUNET_SYSERR; | ||
934 | } | ||
935 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Using ECDH pubkey %s for data decryption\n", ecdh_enc_str); | ||
936 | if (GNUNET_OK != GNUNET_STRINGS_string_to_data (signature_enc_str, | ||
937 | strlen (signature_enc_str), | ||
938 | &ticket->signature, | ||
939 | sizeof (struct GNUNET_CRYPTO_EcdsaSignature))) | ||
940 | { | ||
941 | json_decref (root); | ||
942 | GNUNET_free (ticket_decoded); | ||
943 | GNUNET_free (ticket); | ||
944 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "ECDH signature invalid in data\n"); | ||
945 | return GNUNET_SYSERR; | ||
946 | } | ||
947 | |||
948 | enc_data_len = GNUNET_STRINGS_base64_decode (enc_data_str, | ||
949 | strlen (enc_data_str), | ||
950 | &enc_data); | ||
951 | |||
952 | |||
953 | if (GNUNET_OK != ticket_payload_parse (enc_data, | ||
954 | enc_data_len, | ||
955 | priv_key, | ||
956 | (const struct GNUNET_CRYPTO_EcdhePublicKey*)&ticket->ecdh_pubkey, | ||
957 | &ticket_payload)) | ||
958 | { | ||
959 | json_decref (root); | ||
960 | GNUNET_free (enc_data); | ||
961 | GNUNET_free (ticket_decoded); | ||
962 | GNUNET_free (ticket); | ||
963 | return GNUNET_SYSERR; | ||
964 | } | ||
965 | |||
966 | ticket->payload = ticket_payload; | ||
967 | purpose = | ||
968 | GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + | ||
969 | sizeof (struct GNUNET_CRYPTO_EcdhePublicKey) + //E | ||
970 | enc_data_len); // E_K (code_str) | ||
971 | purpose->size = | ||
972 | htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + | ||
973 | sizeof (struct GNUNET_CRYPTO_EcdhePublicKey) + | ||
974 | enc_data_len); | ||
975 | purpose->purpose = htonl(GNUNET_SIGNATURE_PURPOSE_GNUID_TICKET); | ||
976 | write_ptr = (char*) &purpose[1]; | ||
977 | GNUNET_memcpy (write_ptr, &ticket->ecdh_pubkey, sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); | ||
978 | write_ptr += sizeof (struct GNUNET_CRYPTO_EcdhePublicKey); | ||
979 | GNUNET_memcpy (write_ptr, enc_data, enc_data_len); | ||
980 | |||
981 | if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_GNUID_TICKET, | ||
982 | purpose, | ||
983 | &ticket->signature, | ||
984 | &ticket_payload->identity_key)) | ||
985 | { | ||
986 | ticket_destroy (ticket); | ||
987 | GNUNET_free (ticket_decoded); | ||
988 | json_decref (root); | ||
989 | GNUNET_free (purpose); | ||
990 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
991 | "Error verifying signature for ticket\n"); | ||
992 | return GNUNET_SYSERR; | ||
993 | } | ||
994 | *result = ticket; | ||
995 | GNUNET_free (purpose); | ||
996 | |||
997 | GNUNET_free (enc_data); | ||
998 | GNUNET_free (ticket_decoded); | ||
999 | json_decref (root); | ||
1000 | return GNUNET_OK; | ||
1001 | |||
1002 | } | ||
1003 | |||
1004 | |||
1005 | |||
1006 | /* end of identity_token.c */ | ||
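--- a/src/identity-provider/identity_token.h
+++ /dev/null
@@ -1,351 +0,0 @@
-/*
-This file is part of GNUnet.
-Copyright (C) 2012-2015 GNUnet e.V.
-
-GNUnet is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published
-by the Free Software Foundation; either version 3, or (at your
-option) any later version.
-
-GNUnet is distributed in the hope that it will be useful, but
-WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with GNUnet; see the file COPYING. If not, write to the
-Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-Boston, MA 02110-1301, USA.
-*/
-/**
-* @author Martin Schanzenbach
-* @file identity-provider/identity_token.h
-* @brief GNUnet Identity Provider library
-*
-*/
-#ifndef IDENTITY_TOKEN_H
-#define IDENTITY_TOKEN_H
-
-#include "gnunet_crypto_lib.h"
-#include <jansson.h>
-
-struct IdentityToken
-{
-/**
-* DLL
-*/
-struct TokenAttr *attr_head;
-
-/**
-* DLL
-*/
-struct TokenAttr *attr_tail;
-
-/**
-* Token Signature
-*/
-struct GNUNET_CRYPTO_EcdsaSignature signature;
-
-/**
-* Audience Pubkey
-*/
-struct GNUNET_CRYPTO_EcdsaPublicKey aud_key;
-};
-
-struct TokenAttr
-{
-/**
-* DLL
-*/
-struct TokenAttr *next;
-
-/**
-* DLL
-*/
-struct TokenAttr *prev;
-
-/**
-* Attribute name
-*/
-char *name;
-
-/**
-* Attribute value DLL
-*/
-struct TokenAttrValue *val_head;
-
-/**
-* Attribute value DLL
-*/
-struct TokenAttrValue *val_tail;
-
-};
-
-struct TokenAttrValue
-{
-/**
-* DLL
-*/
-struct TokenAttrValue *next;
-
-/**
-* DLL
-*/
-struct TokenAttrValue *prev;
-
-/**
-* Attribute value
-*/
-char *value;
-
-/**
-* Attribute int value
-* used if NULL == value
-*/
-uint64_t int_value;
-
-/**
-* Json value
-*/
-json_t *json_value;
-};
-
-struct TokenTicketPayload
-{
-/**
-* Nonce
-*/
-uint64_t nonce;
-
-/**
-* Label
-*/
-char *label;
-
-/**
-* Issuing Identity
-*/
-struct GNUNET_CRYPTO_EcdsaPublicKey identity_key;
-};
-
-
-struct TokenTicket
-{
-/**
-* Meta info
-*/
-struct TokenTicketPayload *payload;
-
-/**
-* ECDH Pubkey
-*/
-struct GNUNET_CRYPTO_EcdhePublicKey ecdh_pubkey;
-
-/**
-* Signature
-*/
-struct GNUNET_CRYPTO_EcdsaSignature signature;
-
-/**
-* Target identity
-*/
-struct GNUNET_CRYPTO_EcdsaPublicKey aud_key;
-};
-
-
-
-/**
-* Create an identity token
-*
-* @param iss the issuer string for the token
-* @param aud the audience of the token
-*
-* @return a new token
-*/
-struct IdentityToken*
-token_create (const struct GNUNET_CRYPTO_EcdsaPublicKey *iss,
-const struct GNUNET_CRYPTO_EcdsaPublicKey* aud);
-
-/**
-* Destroy an identity token
-*
-* @param token the token to destroy
-*/
-void
-token_destroy (struct IdentityToken*token);
-
-/**
-* Add a new key value pair to the token
-*
-* @param token the token to modify
-* @param key the key
-* @param value the value
-*/
-void
-token_add_attr (struct IdentityToken *token,
-const char* key,
-const char* value);
-
-/**
-* Add a new key value pair to the token
-*
-* @param token the token to modify
-* @param key the key
-* @param value the value
-*/
-void
-token_add_attr_int (struct IdentityToken *token,
-const char* key,
-uint64_t value);
-
-
-
-/**
-* Add a value to a TokenAttribute
-*
-* @param attr the token attribute
-* @param value value to add
-*/
-void
-token_attr_add_value (const struct TokenAttr *attr,
-const char *value);
-
-/**
-* Add a new key value pair to the token with the value as json
-*
-* @param the token to modify
-* @param key the key
-* @param value the value
-*
-*/
-void
-token_add_attr_json (struct IdentityToken *token,
-const char* key,
-json_t* value);
-
-/**
-* Serialize a token. The token will be signed and base64 according to the
-* JWT format. The signature is base32-encoded ECDSA.
-* The resulting JWT is encrypted using
-* ECDHE for the audience and Base64
-* encoded in result. The audience requires the ECDHE public key P
-* to decrypt the token T. The key P is included in the result and prepended
-* before the token
-*
-* @param token the token to serialize
-* @param priv_key the private key used to sign the token
-* @param ecdhe_privkey the ECDHE private key used to encrypt the token
-* @param result P,Base64(E(T))
-*
-* @return GNUNET_OK on success
-*/
-int
-token_serialize (const struct IdentityToken*token,
-const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
-struct GNUNET_CRYPTO_EcdhePrivateKey **ecdhe_privkey,
-char **result);
-
-/**
-* Parses the serialized token and returns a token
-*
-* @param data the serialized token
-* @param priv_key the private key of the audience
-* @param result the token
-*
-* @return GNUNET_OK on success
-*/
-int
-token_parse (const char* data,
-const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
-struct IdentityToken **result);
-
-/**
-* Parses the serialized token and returns a token
-* This variant is intended for the party that issued the token and also
-* wants to decrypt the serialized token.
-*
-* @param data the serialized token
-* @param priv_key the private (!) ECDHE key
-* @param aud_key the identity of the audience
-* @param result the token
-*
-* @return GNUNET_OK on success
-*/
-int
-token_parse2 (const char* data,
-const struct GNUNET_CRYPTO_EcdhePrivateKey *priv_key,
-const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
-struct IdentityToken **result);
-
-
-/**
-*
-* Returns a JWT-string representation of the token
-*
-* @param token the token
-* @param priv_key the private key used to sign the JWT
-* @param result the JWT
-*
-* @return GNUNET_OK on success
-*/
-int
-token_to_string (const struct IdentityToken *token,
-const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
-char **result);
-
-/**
-*
-* Creates a ticket that can be exchanged by the audience for
-* the token. The token must be placed under the label
-*
-* @param nonce nonce provided by the audience that requested the ticket
-* @param iss_pkey the issuer pubkey used to sign the ticket
-* @param label the label encoded in the ticket
-* @param aud_ley the audience pubkey used to encrypt the ticket payload
-*
-* @return the ticket
-*/
-struct TokenTicket*
-ticket_create (uint64_t nonce,
-const struct GNUNET_CRYPTO_EcdsaPublicKey* iss_pkey,
-const char* lbl_str,
-const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key);
-
-/**
-* Serialize a ticket. Returns the Base64 representation of the ticket.
-* Format: Base64( { payload: E(Payload), ecdhe: K, signature: signature } )
-*
-* @param ticket the ticket to serialize
-* @param priv_key the issuer private key to sign the ticket payload
-* @param result the serialized ticket
-*
-* @return GNUNET_OK on success
-*/
-int
-ticket_serialize (struct TokenTicket *ticket,
-const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
-char **result);
-
-/**
-* Destroys a ticket
-*
-* @param the ticket to destroy
-*/
-void
-ticket_destroy (struct TokenTicket *ticket);
-
-/**
-* Parses a serialized ticket
-*
-* @param data the serialized ticket
-* @param priv_key the audience private key
-* @param ticket the ticket
-*
-* @return GNUNET_OK on success
-*/
-int
-ticket_parse (const char* raw_data,
-const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
-struct TokenTicket **ticket);
-
-#endif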
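--- a/src/identity-provider/plugin_identity_provider_sqlite.c
+++ b/src/identity-provider/plugin_identity_provider_sqlite.c
@@ -358,7 +358,7 @@ database_shutdown (struct Plugin *plugin)
 */
 static int
 identity_provider_sqlite_store_ticket (void *cls,
-const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket)
+const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket)
 {
 struct Plugin *plugin = cls;
 int n;
@@ -437,7 +437,7 @@ identity_provider_sqlite_store_ticket (void *cls,
 */
 static int
 identity_provider_sqlite_delete_ticket (void *cls,
-const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket)
+const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket)
 {
 struct Plugin *plugin = cls;
 int n;
@@ -502,7 +502,7 @@ get_ticket_and_call_iterator (struct Plugin *plugin,
 GNUNET_IDENTITY_PROVIDER_TicketIterator iter,
 void *iter_cls)
 {
-struct GNUNET_IDENTITY_PROVIDER_Ticket2 ticket;
+struct GNUNET_IDENTITY_PROVIDER_Ticket ticket;
 int ret;
 int sret;
 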
diff --git a/src/identity-provider/plugin_rest_identity_provider.c b/src/identity-provider/plugin_rest_identity_provider.c deleted file mode 100644 index dfb935f5b..000000000 --- a/src/identity-provider/plugin_rest_identity_provider.c +++ /dev/null | |||
@@ -1,1216 +0,0 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet. | ||
3 | Copyright (C) 2012-2015 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software; you can redistribute it and/or modify | ||
6 | it under the terms of the GNU General Public License as published | ||
7 | by the Free Software Foundation; either version 3, or (at your | ||
8 | option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU General Public License | ||
16 | along with GNUnet; see the file COPYING. If not, write to the | ||
17 | Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, | ||
18 | Boston, MA 02110-1301, USA. | ||
19 | */ | ||
20 | /** | ||
21 | * @author Martin Schanzenbach | ||
22 | * @file identity/plugin_rest_identity.c | ||
23 | * @brief GNUnet Namestore REST plugin | ||
24 | * | ||
25 | */ | ||
26 | |||
27 | #include "platform.h" | ||
28 | #include "gnunet_rest_plugin.h" | ||
29 | #include "gnunet_identity_service.h" | ||
30 | #include "gnunet_gns_service.h" | ||
31 | #include "gnunet_gnsrecord_lib.h" | ||
32 | #include "gnunet_namestore_service.h" | ||
33 | #include "gnunet_rest_lib.h" | ||
34 | #include "gnunet_jsonapi_lib.h" | ||
35 | #include "gnunet_jsonapi_util.h" | ||
36 | #include "microhttpd.h" | ||
37 | #include <jansson.h> | ||
38 | #include <inttypes.h> | ||
39 | #include "gnunet_signatures.h" | ||
40 | #include "gnunet_identity_provider_service.h" | ||
41 | |||
42 | /** | ||
43 | * REST root namespace | ||
44 | */ | ||
45 | #define GNUNET_REST_API_NS_IDENTITY_PROVIDER "/idp" | ||
46 | |||
47 | /** | ||
48 | * Issue namespace | ||
49 | */ | ||
50 | #define GNUNET_REST_API_NS_IDENTITY_TOKEN_ISSUE "/idp/issue" | ||
51 | |||
52 | /** | ||
53 | * Check namespace TODO | ||
54 | */ | ||
55 | #define GNUNET_REST_API_NS_IDENTITY_TOKEN_CHECK "/idp/check" | ||
56 | |||
57 | /** | ||
58 | * Token namespace | ||
59 | */ | ||
60 | #define GNUNET_REST_API_NS_IDENTITY_OAUTH2_TOKEN "/idp/token" | ||
61 | |||
62 | /** | ||
63 | * The parameter name in which the ticket must be provided | ||
64 | */ | ||
65 | #define GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_TICKET "ticket" | ||
66 | |||
67 | /** | ||
68 | * The parameter name in which the expected nonce must be provided | ||
69 | */ | ||
70 | #define GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_EXPECTED_NONCE "expected_nonce" | ||
71 | |||
72 | /** | ||
73 | * The parameter name in which the ticket must be provided | ||
74 | */ | ||
75 | #define GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_TOKEN "token" | ||
76 | |||
77 | /** | ||
78 | * The URL parameter name in which the nonce must be provided | ||
79 | */ | ||
80 | #define GNUNET_IDENTITY_TOKEN_REQUEST_NONCE "nonce" | ||
81 | |||
82 | /** | ||
83 | * State while collecting all egos | ||
84 | */ | ||
85 | #define ID_REST_STATE_INIT 0 | ||
86 | |||
87 | /** | ||
88 | * Done collecting egos | ||
89 | */ | ||
90 | #define ID_REST_STATE_POST_INIT 1 | ||
91 | |||
92 | /** | ||
93 | * Resource type | ||
94 | */ | ||
95 | #define GNUNET_REST_JSONAPI_IDENTITY_TOKEN "token" | ||
96 | |||
97 | /** | ||
98 | * URL parameter to create a GNUid token for a specific audience | ||
99 | */ | ||
100 | #define GNUNET_REST_JSONAPI_IDENTITY_AUD_REQUEST "audience" | ||
101 | |||
102 | /** | ||
103 | * URL parameter to create a GNUid token for a specific issuer (EGO) | ||
104 | */ | ||
105 | #define GNUNET_REST_JSONAPI_IDENTITY_ISS_REQUEST "issuer" | ||
106 | |||
107 | /** | ||
108 | * Attributes passed to issue request | ||
109 | */ | ||
110 | #define GNUNET_IDENTITY_TOKEN_ATTR_LIST "requested_attrs" | ||
111 | |||
112 | /** | ||
113 | * Attributes passed to issue request | ||
114 | */ | ||
115 | #define GNUNET_IDENTITY_TOKEN_V_ATTR_LIST "requested_verified_attrs" | ||
116 | |||
117 | |||
118 | /** | ||
119 | * Token expiration string | ||
120 | */ | ||
121 | #define GNUNET_IDENTITY_TOKEN_EXP_STRING "expiration" | ||
122 | |||
123 | /** | ||
124 | * Error messages | ||
125 | */ | ||
126 | #define GNUNET_REST_ERROR_RESOURCE_INVALID "Resource location invalid" | ||
127 | #define GNUNET_REST_ERROR_NO_DATA "No data" | ||
128 | |||
129 | /** | ||
130 | * GNUid token lifetime | ||
131 | */ | ||
132 | #define GNUNET_GNUID_TOKEN_EXPIRATION_MICROSECONDS 300000000 | ||
133 | |||
134 | /** | ||
135 | * The configuration handle | ||
136 | */ | ||
137 | const struct GNUNET_CONFIGURATION_Handle *cfg; | ||
138 | |||
139 | /** | ||
140 | * HTTP methods allows for this plugin | ||
141 | */ | ||
142 | static char* allow_methods; | ||
143 | |||
144 | /** | ||
145 | * @brief struct returned by the initialization function of the plugin | ||
146 | */ | ||
147 | struct Plugin | ||
148 | { | ||
149 | const struct GNUNET_CONFIGURATION_Handle *cfg; | ||
150 | }; | ||
151 | |||
152 | /** | ||
153 | * The ego list | ||
154 | */ | ||
155 | struct EgoEntry | ||
156 | { | ||
157 | /** | ||
158 | * DLL | ||
159 | */ | ||
160 | struct EgoEntry *next; | ||
161 | |||
162 | /** | ||
163 | * DLL | ||
164 | */ | ||
165 | struct EgoEntry *prev; | ||
166 | |||
167 | /** | ||
168 | * Ego Identifier | ||
169 | */ | ||
170 | char *identifier; | ||
171 | |||
172 | /** | ||
173 | * Public key string | ||
174 | */ | ||
175 | char *keystring; | ||
176 | |||
177 | /** | ||
178 | * The Ego | ||
179 | */ | ||
180 | struct GNUNET_IDENTITY_Ego *ego; | ||
181 | }; | ||
182 | |||
183 | |||
184 | struct RequestHandle | ||
185 | { | ||
186 | /** | ||
187 | * Ego list | ||
188 | */ | ||
189 | struct EgoEntry *ego_head; | ||
190 | |||
191 | /** | ||
192 | * Ego list | ||
193 | */ | ||
194 | struct EgoEntry *ego_tail; | ||
195 | |||
196 | /** | ||
197 | * Selected ego | ||
198 | */ | ||
199 | struct EgoEntry *ego_entry; | ||
200 | |||
201 | /** | ||
202 | * Ptr to current ego private key | ||
203 | */ | ||
204 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key; | ||
205 | |||
206 | /** | ||
207 | * Handle to the rest connection | ||
208 | */ | ||
209 | struct GNUNET_REST_RequestHandle *conndata_handle; | ||
210 | |||
211 | /** | ||
212 | * The processing state | ||
213 | */ | ||
214 | int state; | ||
215 | |||
216 | /** | ||
217 | * Handle to Identity service. | ||
218 | */ | ||
219 | struct GNUNET_IDENTITY_Handle *identity_handle; | ||
220 | |||
221 | /** | ||
222 | * IDENTITY Operation | ||
223 | */ | ||
224 | struct GNUNET_IDENTITY_Operation *op; | ||
225 | |||
226 | /** | ||
227 | * Identity Provider | ||
228 | */ | ||
229 | struct GNUNET_IDENTITY_PROVIDER_Handle *idp; | ||
230 | |||
231 | /** | ||
232 | * Idp Operation | ||
233 | */ | ||
234 | struct GNUNET_IDENTITY_PROVIDER_Operation *idp_op; | ||
235 | |||
236 | /** | ||
237 | * Handle to NS service | ||
238 | */ | ||
239 | struct GNUNET_NAMESTORE_Handle *ns_handle; | ||
240 | |||
241 | /** | ||
242 | * NS iterator | ||
243 | */ | ||
244 | struct GNUNET_NAMESTORE_ZoneIterator *ns_it; | ||
245 | |||
246 | /** | ||
247 | * NS Handle | ||
248 | */ | ||
249 | struct GNUNET_NAMESTORE_QueueEntry *ns_qe; | ||
250 | |||
251 | /** | ||
252 | * Desired timeout for the lookup (default is no timeout). | ||
253 | */ | ||
254 | struct GNUNET_TIME_Relative timeout; | ||
255 | |||
256 | /** | ||
257 | * ID of a task associated with the resolution process. | ||
258 | */ | ||
259 | struct GNUNET_SCHEDULER_Task *timeout_task; | ||
260 | |||
261 | /** | ||
262 | * The plugin result processor | ||
263 | */ | ||
264 | GNUNET_REST_ResultProcessor proc; | ||
265 | |||
266 | /** | ||
267 | * The closure of the result processor | ||
268 | */ | ||
269 | void *proc_cls; | ||
270 | |||
271 | /** | ||
272 | * The url | ||
273 | */ | ||
274 | char *url; | ||
275 | |||
276 | /** | ||
277 | * Error response message | ||
278 | */ | ||
279 | char *emsg; | ||
280 | |||
281 | /** | ||
282 | * Reponse code | ||
283 | */ | ||
284 | int response_code; | ||
285 | |||
286 | /** | ||
287 | * Response object | ||
288 | */ | ||
289 | struct GNUNET_JSONAPI_Document *resp_object; | ||
290 | |||
291 | }; | ||
292 | |||
293 | |||
294 | /** | ||
295 | * Cleanup lookup handle | ||
296 | * @param handle Handle to clean up | ||
297 | */ | ||
298 | static void | ||
299 | cleanup_handle (struct RequestHandle *handle) | ||
300 | { | ||
301 | struct EgoEntry *ego_entry; | ||
302 | struct EgoEntry *ego_tmp; | ||
303 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
304 | "Cleaning up\n"); | ||
305 | if (NULL != handle->resp_object) | ||
306 | GNUNET_JSONAPI_document_delete (handle->resp_object); | ||
307 | if (NULL != handle->timeout_task) | ||
308 | GNUNET_SCHEDULER_cancel (handle->timeout_task); | ||
309 | if (NULL != handle->identity_handle) | ||
310 | GNUNET_IDENTITY_disconnect (handle->identity_handle); | ||
311 | if (NULL != handle->idp) | ||
312 | GNUNET_IDENTITY_PROVIDER_disconnect (handle->idp); | ||
313 | if (NULL != handle->ns_it) | ||
314 | GNUNET_NAMESTORE_zone_iteration_stop (handle->ns_it); | ||
315 | if (NULL != handle->ns_qe) | ||
316 | GNUNET_NAMESTORE_cancel (handle->ns_qe); | ||
317 | if (NULL != handle->ns_handle) | ||
318 | GNUNET_NAMESTORE_disconnect (handle->ns_handle); | ||
319 | if (NULL != handle->url) | ||
320 | GNUNET_free (handle->url); | ||
321 | if (NULL != handle->emsg) | ||
322 | GNUNET_free (handle->emsg); | ||
323 | for (ego_entry = handle->ego_head; | ||
324 | NULL != ego_entry;) | ||
325 | { | ||
326 | ego_tmp = ego_entry; | ||
327 | ego_entry = ego_entry->next; | ||
328 | GNUNET_free (ego_tmp->identifier); | ||
329 | GNUNET_free (ego_tmp->keystring); | ||
330 | GNUNET_free (ego_tmp); | ||
331 | } | ||
332 | GNUNET_free (handle); | ||
333 | } | ||
334 | |||
335 | |||
336 | /** | ||
337 | * Task run on error, sends error message. Cleans up everything. | ||
338 | * | ||
339 | * @param cls the `struct RequestHandle` | ||
340 | */ | ||
341 | static void | ||
342 | do_error (void *cls) | ||
343 | { | ||
344 | struct RequestHandle *handle = cls; | ||
345 | struct MHD_Response *resp; | ||
346 | char *json_error; | ||
347 | |||
348 | GNUNET_asprintf (&json_error, | ||
349 | "{Error while processing request: %s}", | ||
350 | handle->emsg); | ||
351 | resp = GNUNET_REST_create_response (json_error); | ||
352 | handle->proc (handle->proc_cls, resp, handle->response_code); | ||
353 | cleanup_handle (handle); | ||
354 | GNUNET_free (json_error); | ||
355 | } | ||
356 | |||
357 | /** | ||
358 | * Task run on timeout, sends error message. Cleans up everything. | ||
359 | * | ||
360 | * @param cls the `struct RequestHandle` | ||
361 | */ | ||
362 | static void | ||
363 | do_timeout (void *cls) | ||
364 | { | ||
365 | struct RequestHandle *handle = cls; | ||
366 | |||
367 | handle->timeout_task = NULL; | ||
368 | do_error (handle); | ||
369 | } | ||
370 | |||
371 | |||
372 | /** | ||
373 | * Task run on shutdown. Cleans up everything. | ||
374 | * | ||
375 | * @param cls unused | ||
376 | */ | ||
377 | static void | ||
378 | do_cleanup_handle_delayed (void *cls) | ||
379 | { | ||
380 | struct RequestHandle *handle = cls; | ||
381 | |||
382 | cleanup_handle (handle); | ||
383 | } | ||
384 | |||
385 | |||
386 | /** | ||
387 | * Get a ticket for identity | ||
388 | * @param cls the handle | ||
389 | * @param ticket the ticket returned from the idp | ||
390 | */ | ||
391 | static void | ||
392 | token_creat_cont (void *cls, | ||
393 | const char *label, | ||
394 | const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, | ||
395 | const struct GNUNET_IDENTITY_PROVIDER_Token *token) | ||
396 | { | ||
397 | struct GNUNET_JSONAPI_Resource *json_resource; | ||
398 | struct RequestHandle *handle = cls; | ||
399 | struct MHD_Response *resp; | ||
400 | json_t *ticket_json; | ||
401 | json_t *token_json; | ||
402 | char *ticket_str; | ||
403 | char *token_str; | ||
404 | char *result_str; | ||
405 | |||
406 | handle->idp_op = NULL; | ||
407 | |||
408 | if (NULL == ticket) | ||
409 | { | ||
410 | handle->emsg = GNUNET_strdup ("Error in token issue"); | ||
411 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
412 | return; | ||
413 | } | ||
414 | |||
415 | handle->resp_object = GNUNET_JSONAPI_document_new (); | ||
416 | json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_TICKET, | ||
417 | label); | ||
418 | ticket_str = GNUNET_IDENTITY_PROVIDER_ticket_to_string (ticket); | ||
419 | token_str = GNUNET_IDENTITY_PROVIDER_token_to_string (token); | ||
420 | ticket_json = json_string (ticket_str); | ||
421 | token_json = json_string (token_str); | ||
422 | GNUNET_JSONAPI_resource_add_attr (json_resource, | ||
423 | GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_TICKET, | ||
424 | ticket_json); | ||
425 | GNUNET_JSONAPI_resource_add_attr (json_resource, | ||
426 | GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_TOKEN, | ||
427 | token_json); | ||
428 | GNUNET_free (ticket_str); | ||
429 | GNUNET_free (token_str); | ||
430 | json_decref (ticket_json); | ||
431 | json_decref (token_json); | ||
432 | GNUNET_JSONAPI_document_resource_add (handle->resp_object, json_resource); | ||
433 | |||
434 | GNUNET_JSONAPI_document_serialize (handle->resp_object, &result_str); | ||
435 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Result %s\n", result_str); | ||
436 | resp = GNUNET_REST_create_response (result_str); | ||
437 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); | ||
438 | GNUNET_free (result_str); | ||
439 | GNUNET_SCHEDULER_add_now (&do_cleanup_handle_delayed, handle); | ||
440 | } | ||
441 | |||
442 | |||
443 | /** | ||
444 | * Continueationf for token issue request | ||
445 | * | ||
446 | * @param con the Rest handle | ||
447 | * @param url the requested url | ||
448 | * @param cls the request handle | ||
449 | */ | ||
450 | static void | ||
451 | issue_token_cont (struct GNUNET_REST_RequestHandle *con, | ||
452 | const char *url, | ||
453 | void *cls) | ||
454 | { | ||
455 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key; | ||
456 | const char *egoname; | ||
457 | |||
458 | struct RequestHandle *handle = cls; | ||
459 | struct EgoEntry *ego_entry; | ||
460 | struct GNUNET_HashCode key; | ||
461 | struct MHD_Response *resp; | ||
462 | struct GNUNET_CRYPTO_EcdsaPublicKey pub_key; | ||
463 | struct GNUNET_CRYPTO_EcdsaPublicKey aud_key; | ||
464 | struct GNUNET_TIME_Relative etime_rel; | ||
465 | struct GNUNET_TIME_Absolute exp_time; | ||
466 | char *ego_val; | ||
467 | char *audience; | ||
468 | char *exp_str; | ||
469 | char *nonce_str; | ||
470 | char *scopes; | ||
471 | char *vattrs; | ||
472 | uint64_t time; | ||
473 | uint64_t nonce; | ||
474 | |||
475 | if (GNUNET_NO == GNUNET_REST_namespace_match (handle->url, | ||
476 | GNUNET_REST_API_NS_IDENTITY_TOKEN_ISSUE)) | ||
477 | { | ||
478 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "URL invalid: %s\n", handle->url); | ||
479 | resp = GNUNET_REST_create_response (NULL); | ||
480 | handle->proc (handle->proc_cls, resp, MHD_HTTP_BAD_REQUEST); | ||
481 | cleanup_handle (handle); | ||
482 | return; | ||
483 | } | ||
484 | egoname = NULL; | ||
485 | ego_entry = NULL; | ||
486 | GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_IDENTITY_ISS_REQUEST, | ||
487 | strlen (GNUNET_REST_JSONAPI_IDENTITY_ISS_REQUEST), | ||
488 | &key); | ||
489 | if ( GNUNET_YES != | ||
490 | GNUNET_CONTAINER_multihashmap_contains (handle->conndata_handle->url_param_map, | ||
491 | &key) ) | ||
492 | { | ||
493 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
494 | "Issuer not found\n"); | ||
495 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
496 | return; | ||
497 | } | ||
498 | ego_val = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map, | ||
499 | &key); | ||
500 | if (NULL == ego_val) | ||
501 | { | ||
502 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
503 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
504 | "Ego invalid: %s\n", | ||
505 | ego_val); | ||
506 | return; | ||
507 | } | ||
508 | for (ego_entry = handle->ego_head; | ||
509 | NULL != ego_entry; | ||
510 | ego_entry = ego_entry->next) | ||
511 | { | ||
512 | if (0 != strcmp (ego_val, ego_entry->identifier)) | ||
513 | continue; | ||
514 | egoname = ego_entry->identifier; | ||
515 | break; | ||
516 | } | ||
517 | if ( (NULL == egoname) || | ||
518 | (NULL == ego_entry) ) | ||
519 | { | ||
520 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
521 | "Ego not found: %s\n", | ||
522 | ego_val); | ||
523 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
524 | return; | ||
525 | } | ||
526 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
527 | "Ego to issue token for: %s\n", | ||
528 | egoname); | ||
529 | |||
530 | |||
531 | //Meta info | ||
532 | GNUNET_CRYPTO_hash (GNUNET_IDENTITY_TOKEN_ATTR_LIST, | ||
533 | strlen (GNUNET_IDENTITY_TOKEN_ATTR_LIST), | ||
534 | &key); | ||
535 | |||
536 | scopes = NULL; | ||
537 | if ( GNUNET_YES != | ||
538 | GNUNET_CONTAINER_multihashmap_contains (handle->conndata_handle->url_param_map, | ||
539 | &key) ) | ||
540 | { | ||
541 | handle->emsg = GNUNET_strdup ("Scopes missing!\n"); | ||
542 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
543 | return; | ||
544 | } | ||
545 | scopes = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map, | ||
546 | &key); | ||
547 | |||
548 | //vattrs | ||
549 | GNUNET_CRYPTO_hash (GNUNET_IDENTITY_TOKEN_V_ATTR_LIST, | ||
550 | strlen (GNUNET_IDENTITY_TOKEN_V_ATTR_LIST), | ||
551 | &key); | ||
552 | |||
553 | vattrs = NULL; | ||
554 | if ( GNUNET_YES == | ||
555 | GNUNET_CONTAINER_multihashmap_contains (handle->conndata_handle->url_param_map, | ||
556 | &key) ) | ||
557 | { | ||
558 | vattrs = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map, | ||
559 | &key); | ||
560 | } | ||
561 | |||
562 | |||
563 | |||
564 | //Token audience | ||
565 | GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_IDENTITY_AUD_REQUEST, | ||
566 | strlen (GNUNET_REST_JSONAPI_IDENTITY_AUD_REQUEST), | ||
567 | &key); | ||
568 | audience = NULL; | ||
569 | if ( GNUNET_YES != | ||
570 | GNUNET_CONTAINER_multihashmap_contains (handle->conndata_handle->url_param_map, | ||
571 | &key) ) | ||
572 | { | ||
573 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
574 | "Audience missing!\n"); | ||
575 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
576 | return; | ||
577 | } | ||
578 | audience = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map, | ||
579 | &key); | ||
580 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
581 | "Audience to issue token for: %s\n", | ||
582 | audience); | ||
583 | |||
584 | priv_key = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego); | ||
585 | GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, | ||
586 | &pub_key); | ||
587 | GNUNET_STRINGS_string_to_data (audience, | ||
588 | strlen (audience), | ||
589 | &aud_key, | ||
590 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); | ||
591 | |||
592 | //Remote nonce | ||
593 | nonce_str = NULL; | ||
594 | GNUNET_CRYPTO_hash (GNUNET_IDENTITY_TOKEN_REQUEST_NONCE, | ||
595 | strlen (GNUNET_IDENTITY_TOKEN_REQUEST_NONCE), | ||
596 | &key); | ||
597 | if ( GNUNET_YES != | ||
598 | GNUNET_CONTAINER_multihashmap_contains (handle->conndata_handle->url_param_map, | ||
599 | &key) ) | ||
600 | { | ||
601 | handle->emsg = GNUNET_strdup ("Request nonce missing!\n"); | ||
602 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
603 | return; | ||
604 | } | ||
605 | nonce_str = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map, | ||
606 | &key); | ||
607 | GNUNET_assert (NULL != nonce_str); | ||
608 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
609 | "Request nonce: %s\n", | ||
610 | nonce_str); | ||
611 | GNUNET_assert (1 == sscanf (nonce_str, "%"SCNu64, &nonce)); | ||
612 | |||
613 | //Get expiration for token from URL parameter | ||
614 | GNUNET_CRYPTO_hash (GNUNET_IDENTITY_TOKEN_EXP_STRING, | ||
615 | strlen (GNUNET_IDENTITY_TOKEN_EXP_STRING), | ||
616 | &key); | ||
617 | |||
618 | exp_str = NULL; | ||
619 | if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (handle->conndata_handle->url_param_map, | ||
620 | &key)) | ||
621 | { | ||
622 | exp_str = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map, | ||
623 | &key); | ||
624 | } | ||
625 | if (NULL == exp_str) { | ||
626 | handle->emsg = GNUNET_strdup ("No expiration given!\n"); | ||
627 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
628 | return; | ||
629 | } | ||
630 | |||
631 | if (GNUNET_OK != | ||
632 | GNUNET_STRINGS_fancy_time_to_relative (exp_str, | ||
633 | &etime_rel)) | ||
634 | { | ||
635 | handle->emsg = GNUNET_strdup ("Expiration invalid!\n"); | ||
636 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
637 | return; | ||
638 | } | ||
639 | time = GNUNET_TIME_absolute_get().abs_value_us; | ||
640 | exp_time.abs_value_us = time + etime_rel.rel_value_us; | ||
641 | |||
642 | handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg); | ||
643 | handle->idp_op = GNUNET_IDENTITY_PROVIDER_issue_token (handle->idp, | ||
644 | priv_key, | ||
645 | &aud_key, | ||
646 | scopes, | ||
647 | vattrs, | ||
648 | exp_time, | ||
649 | nonce, | ||
650 | &token_creat_cont, | ||
651 | handle); | ||
652 | |||
653 | } | ||
654 | |||
655 | |||
656 | /** | ||
657 | * Build a GNUid token for identity | ||
658 | * | ||
659 | * @param cls the request handle | ||
660 | */ | ||
661 | static void | ||
662 | return_token_list (void *cls) | ||
663 | { | ||
664 | char* result_str; | ||
665 | struct RequestHandle *handle = cls; | ||
666 | struct MHD_Response *resp; | ||
667 | |||
668 | GNUNET_JSONAPI_document_serialize (handle->resp_object, &result_str); | ||
669 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Result %s\n", result_str); | ||
670 | resp = GNUNET_REST_create_response (result_str); | ||
671 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); | ||
672 | GNUNET_free (result_str); | ||
673 | cleanup_handle (handle); | ||
674 | } | ||
675 | |||
676 | |||
677 | static void | ||
678 | token_collect_error_cb (void *cls) | ||
679 | { | ||
680 | struct RequestHandle *handle = cls; | ||
681 | |||
682 | do_error (handle); | ||
683 | } | ||
684 | |||
685 | |||
686 | /** | ||
687 | * Collect all tokens for an ego | ||
688 | * | ||
689 | * TODO move this into the identity-provider service | ||
690 | * | ||
691 | */ | ||
692 | static void | ||
693 | token_collect (void *cls, | ||
694 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, | ||
695 | const char *label, | ||
696 | unsigned int rd_count, | ||
697 | const struct GNUNET_GNSRECORD_Data *rd); | ||
698 | |||
699 | |||
700 | static void | ||
701 | token_collect_finished_cb (void *cls) | ||
702 | { | ||
703 | struct RequestHandle *handle = cls; | ||
704 | struct EgoEntry *ego_tmp; | ||
705 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key; | ||
706 | |||
707 | ego_tmp = handle->ego_head; | ||
708 | GNUNET_CONTAINER_DLL_remove (handle->ego_head, | ||
709 | handle->ego_tail, | ||
710 | ego_tmp); | ||
711 | GNUNET_free (ego_tmp->identifier); | ||
712 | GNUNET_free (ego_tmp->keystring); | ||
713 | GNUNET_free (ego_tmp); | ||
714 | |||
715 | if (NULL == handle->ego_head) | ||
716 | { | ||
717 | //Done | ||
718 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding token END\n"); | ||
719 | handle->ns_it = NULL; | ||
720 | GNUNET_SCHEDULER_add_now (&return_token_list, handle); | ||
721 | return; | ||
722 | } | ||
723 | |||
724 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
725 | "Next ego: %s\n", | ||
726 | handle->ego_head->identifier); | ||
727 | priv_key = GNUNET_IDENTITY_ego_get_private_key (handle->ego_head->ego); | ||
728 | handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (handle->ns_handle, | ||
729 | priv_key, | ||
730 | &token_collect_error_cb, | ||
731 | handle, | ||
732 | &token_collect, | ||
733 | handle, | ||
734 | &token_collect_finished_cb, | ||
735 | handle); | ||
736 | } | ||
737 | |||
738 | |||
739 | /** | ||
740 | * Collect all tokens for an ego | ||
741 | * | ||
742 | * TODO move this into the identity-provider service | ||
743 | * | ||
744 | */ | ||
745 | static void | ||
746 | token_collect (void *cls, | ||
747 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, | ||
748 | const char *label, | ||
749 | unsigned int rd_count, | ||
750 | const struct GNUNET_GNSRECORD_Data *rd) | ||
751 | { | ||
752 | struct RequestHandle *handle = cls; | ||
753 | int i; | ||
754 | char* data; | ||
755 | struct GNUNET_JSONAPI_Resource *json_resource; | ||
756 | json_t *issuer; | ||
757 | json_t *token; | ||
758 | |||
759 | for (i = 0; i < rd_count; i++) | ||
760 | { | ||
761 | if (rd[i].record_type == GNUNET_GNSRECORD_TYPE_ID_TOKEN) | ||
762 | { | ||
763 | data = GNUNET_GNSRECORD_value_to_string (rd[i].record_type, | ||
764 | rd[i].data, | ||
765 | rd[i].data_size); | ||
766 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding token: %s\n", data); | ||
767 | json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_IDENTITY_TOKEN, | ||
768 | label); | ||
769 | issuer = json_string (handle->ego_head->identifier); | ||
770 | GNUNET_JSONAPI_resource_add_attr (json_resource, | ||
771 | GNUNET_REST_JSONAPI_IDENTITY_ISS_REQUEST, | ||
772 | issuer); | ||
773 | json_decref (issuer); | ||
774 | token = json_string (data); | ||
775 | GNUNET_JSONAPI_resource_add_attr (json_resource, | ||
776 | GNUNET_REST_JSONAPI_IDENTITY_TOKEN, | ||
777 | token); | ||
778 | json_decref (token); | ||
779 | |||
780 | GNUNET_JSONAPI_document_resource_add (handle->resp_object, json_resource); | ||
781 | GNUNET_free (data); | ||
782 | } | ||
783 | } | ||
784 | |||
785 | GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it); | ||
786 | } | ||
787 | |||
788 | |||
789 | |||
790 | /** | ||
791 | * Respond to OPTIONS request | ||
792 | * | ||
793 | * @param con_handle the connection handle | ||
794 | * @param url the url | ||
795 | * @param cls the RequestHandle | ||
796 | */ | ||
797 | static void | ||
798 | list_token_cont (struct GNUNET_REST_RequestHandle *con_handle, | ||
799 | const char* url, | ||
800 | void *cls) | ||
801 | { | ||
802 | char* ego_val; | ||
803 | struct GNUNET_HashCode key; | ||
804 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key; | ||
805 | struct RequestHandle *handle = cls; | ||
806 | struct EgoEntry *ego_entry; | ||
807 | struct EgoEntry *ego_tmp; | ||
808 | |||
809 | GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_IDENTITY_ISS_REQUEST, | ||
810 | strlen (GNUNET_REST_JSONAPI_IDENTITY_ISS_REQUEST), | ||
811 | &key); | ||
812 | |||
813 | if ( GNUNET_YES != | ||
814 | GNUNET_CONTAINER_multihashmap_contains (handle->conndata_handle->url_param_map, | ||
815 | &key) ) | ||
816 | { | ||
817 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "No issuer given.\n"); | ||
818 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
819 | return; | ||
820 | } | ||
821 | ego_val = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map, | ||
822 | &key); | ||
823 | GNUNET_assert (NULL != ego_val); | ||
824 | //Remove non-matching egos | ||
825 | for (ego_entry = handle->ego_head; | ||
826 | NULL != ego_entry;) | ||
827 | { | ||
828 | ego_tmp = ego_entry; | ||
829 | ego_entry = ego_entry->next; | ||
830 | if (0 != strcmp (ego_val, ego_tmp->identifier)) | ||
831 | { | ||
832 | GNUNET_CONTAINER_DLL_remove (handle->ego_head, | ||
833 | handle->ego_tail, | ||
834 | ego_tmp); | ||
835 | GNUNET_free (ego_tmp->identifier); | ||
836 | GNUNET_free (ego_tmp->keystring); | ||
837 | GNUNET_free (ego_tmp); | ||
838 | } | ||
839 | } | ||
840 | handle->resp_object = GNUNET_JSONAPI_document_new (); | ||
841 | if (NULL == handle->ego_head) | ||
842 | { | ||
843 | //Done | ||
844 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "No results.\n"); | ||
845 | GNUNET_SCHEDULER_add_now (&return_token_list, handle); | ||
846 | return; | ||
847 | } | ||
848 | priv_key = GNUNET_IDENTITY_ego_get_private_key (handle->ego_head->ego); | ||
849 | handle->ns_handle = GNUNET_NAMESTORE_connect (cfg); | ||
850 | handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (handle->ns_handle, | ||
851 | priv_key, | ||
852 | &token_collect_error_cb, | ||
853 | handle, | ||
854 | &token_collect, | ||
855 | handle, | ||
856 | &token_collect_finished_cb, | ||
857 | handle); | ||
858 | |||
859 | } | ||
860 | |||
861 | /** | ||
862 | * Return token to requestor | ||
863 | * | ||
864 | * @param cls request handle | ||
865 | * @param token the token | ||
866 | */ | ||
867 | static void | ||
868 | exchange_cont (void *cls, | ||
869 | const struct GNUNET_IDENTITY_PROVIDER_Token *token, | ||
870 | uint64_t ticket_nonce) | ||
871 | { | ||
872 | json_t *root; | ||
873 | struct RequestHandle *handle = cls; | ||
874 | struct MHD_Response *resp; | ||
875 | struct GNUNET_HashCode key; | ||
876 | char* result; | ||
877 | char* token_str; | ||
878 | char* nonce_str; | ||
879 | uint64_t expected_nonce; | ||
880 | |||
881 | //Get nonce | ||
882 | GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_EXPECTED_NONCE, | ||
883 | strlen (GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_EXPECTED_NONCE), | ||
884 | &key); | ||
885 | |||
886 | if ( GNUNET_NO == | ||
887 | GNUNET_CONTAINER_multihashmap_contains (handle->conndata_handle->url_param_map, | ||
888 | &key) ) | ||
889 | { | ||
890 | handle->emsg = GNUNET_strdup ("No nonce given."); | ||
891 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
892 | return; | ||
893 | } | ||
894 | nonce_str = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map, | ||
895 | &key); | ||
896 | GNUNET_assert (NULL != nonce_str); | ||
897 | GNUNET_assert (1 == sscanf (nonce_str, "%"SCNu64, &expected_nonce)); | ||
898 | |||
899 | if (ticket_nonce != expected_nonce) | ||
900 | { | ||
901 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
902 | "Ticket nonce %"SCNu64" does not match expected nonce %"SCNu64"\n", | ||
903 | ticket_nonce, expected_nonce); | ||
904 | handle->emsg = GNUNET_strdup ("Ticket nonce does not match expected nonce\n"); | ||
905 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
906 | return; | ||
907 | } | ||
908 | |||
909 | root = json_object (); | ||
910 | token_str = GNUNET_IDENTITY_PROVIDER_token_to_string (token); | ||
911 | json_object_set_new (root, "token", json_string (token_str)); | ||
912 | json_object_set_new (root, "token_type", json_string ("jwt")); | ||
913 | GNUNET_free (token_str); | ||
914 | |||
915 | result = json_dumps (root, JSON_INDENT(1)); | ||
916 | resp = GNUNET_REST_create_response (result); | ||
917 | GNUNET_free (result); | ||
918 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); | ||
919 | cleanup_handle (handle); | ||
920 | json_decref (root); | ||
921 | } | ||
922 | |||
923 | |||
924 | /** | ||
925 | * | ||
926 | * Callback called when identity for token exchange has been found | ||
927 | * | ||
928 | * @param cls request handle | ||
929 | * @param ego the identity to use as issuer | ||
930 | * @param ctx user context | ||
931 | * @param name identity name | ||
932 | * | ||
933 | */ | ||
934 | static void | ||
935 | exchange_token_ticket_cb (void *cls, | ||
936 | struct GNUNET_IDENTITY_Ego *ego, | ||
937 | void **ctx, | ||
938 | const char *name) | ||
939 | { | ||
940 | struct RequestHandle *handle = cls; | ||
941 | struct GNUNET_HashCode key; | ||
942 | struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket; | ||
943 | char* ticket_str; | ||
944 | |||
945 | handle->op = NULL; | ||
946 | |||
947 | if (NULL == ego) | ||
948 | { | ||
949 | handle->emsg = GNUNET_strdup ("No identity found."); | ||
950 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
951 | return; | ||
952 | } | ||
953 | |||
954 | //Get ticket | ||
955 | GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_TICKET, | ||
956 | strlen (GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_TICKET), | ||
957 | &key); | ||
958 | |||
959 | if ( GNUNET_NO == | ||
960 | GNUNET_CONTAINER_multihashmap_contains (handle->conndata_handle->url_param_map, | ||
961 | &key) ) | ||
962 | { | ||
963 | handle->emsg = GNUNET_strdup ("No ticket given."); | ||
964 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
965 | return; | ||
966 | } | ||
967 | ticket_str = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map, | ||
968 | &key); | ||
969 | handle->priv_key = GNUNET_IDENTITY_ego_get_private_key (ego); | ||
970 | GNUNET_IDENTITY_PROVIDER_string_to_ticket (ticket_str, | ||
971 | &ticket); | ||
972 | |||
973 | handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg); | ||
974 | handle->idp_op = GNUNET_IDENTITY_PROVIDER_exchange_ticket (handle->idp, | ||
975 | ticket, | ||
976 | handle->priv_key, | ||
977 | &exchange_cont, | ||
978 | handle); | ||
979 | GNUNET_IDENTITY_PROVIDER_ticket_destroy (ticket); | ||
980 | |||
981 | } | ||
982 | |||
983 | |||
984 | |||
985 | /** | ||
986 | * Respond to issue request | ||
987 | * | ||
988 | * @param con_handle the connection handle | ||
989 | * @param url the url | ||
990 | * @param cls the RequestHandle | ||
991 | */ | ||
992 | static void | ||
993 | exchange_token_ticket_cont (struct GNUNET_REST_RequestHandle *con_handle, | ||
994 | const char* url, | ||
995 | void *cls) | ||
996 | { | ||
997 | struct RequestHandle *handle = cls; | ||
998 | |||
999 | //Get token from GNS | ||
1000 | handle->op = GNUNET_IDENTITY_get (handle->identity_handle, | ||
1001 | "gns-master", | ||
1002 | &exchange_token_ticket_cb, | ||
1003 | handle); | ||
1004 | } | ||
1005 | |||
1006 | /** | ||
1007 | * Respond to OPTIONS request | ||
1008 | * | ||
1009 | * @param con_handle the connection handle | ||
1010 | * @param url the url | ||
1011 | * @param cls the RequestHandle | ||
1012 | */ | ||
1013 | static void | ||
1014 | options_cont (struct GNUNET_REST_RequestHandle *con_handle, | ||
1015 | const char* url, | ||
1016 | void *cls) | ||
1017 | { | ||
1018 | struct MHD_Response *resp; | ||
1019 | struct RequestHandle *handle = cls; | ||
1020 | |||
1021 | //For now, independent of path return all options | ||
1022 | resp = GNUNET_REST_create_response (NULL); | ||
1023 | MHD_add_response_header (resp, | ||
1024 | "Access-Control-Allow-Methods", | ||
1025 | allow_methods); | ||
1026 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); | ||
1027 | cleanup_handle (handle); | ||
1028 | return; | ||
1029 | } | ||
1030 | |||
1031 | /** | ||
1032 | * Handle rest request | ||
1033 | * | ||
1034 | * @param handle the request handle | ||
1035 | */ | ||
1036 | static void | ||
1037 | init_cont (struct RequestHandle *handle) | ||
1038 | { | ||
1039 | struct GNUNET_REST_RequestHandlerError err; | ||
1040 | static const struct GNUNET_REST_RequestHandler handlers[] = { | ||
1041 | {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_TOKEN_ISSUE, &issue_token_cont}, | ||
1042 | //{MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_TOKEN_CHECK, &check_token_cont}, | ||
1043 | {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_PROVIDER, &list_token_cont}, | ||
1044 | {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_IDENTITY_PROVIDER, &options_cont}, | ||
1045 | {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_OAUTH2_TOKEN, &exchange_token_ticket_cont}, | ||
1046 | GNUNET_REST_HANDLER_END | ||
1047 | }; | ||
1048 | |||
1049 | if (GNUNET_NO == GNUNET_REST_handle_request (handle->conndata_handle, | ||
1050 | handlers, | ||
1051 | &err, | ||
1052 | handle)) | ||
1053 | { | ||
1054 | handle->response_code = err.error_code; | ||
1055 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
1056 | } | ||
1057 | } | ||
1058 | |||
1059 | /** | ||
1060 | * If listing is enabled, prints information about the egos. | ||
1061 | * | ||
1062 | * This function is initially called for all egos and then again | ||
1063 | * whenever a ego's identifier changes or if it is deleted. At the | ||
1064 | * end of the initial pass over all egos, the function is once called | ||
1065 | * with 'NULL' for 'ego'. That does NOT mean that the callback won't | ||
1066 | * be invoked in the future or that there was an error. | ||
1067 | * | ||
1068 | * When used with 'GNUNET_IDENTITY_create' or 'GNUNET_IDENTITY_get', | ||
1069 | * this function is only called ONCE, and 'NULL' being passed in | ||
1070 | * 'ego' does indicate an error (i.e. name is taken or no default | ||
1071 | * value is known). If 'ego' is non-NULL and if '*ctx' | ||
1072 | * is set in those callbacks, the value WILL be passed to a subsequent | ||
1073 | * call to the identity callback of 'GNUNET_IDENTITY_connect' (if | ||
1074 | * that one was not NULL). | ||
1075 | * | ||
1076 | * When an identity is renamed, this function is called with the | ||
1077 | * (known) ego but the NEW identifier. | ||
1078 | * | ||
1079 | * When an identity is deleted, this function is called with the | ||
1080 | * (known) ego and "NULL" for the 'identifier'. In this case, | ||
1081 | * the 'ego' is henceforth invalid (and the 'ctx' should also be | ||
1082 | * cleaned up). | ||
1083 | * | ||
1084 | * @param cls closure | ||
1085 | * @param ego ego handle | ||
1086 | * @param ctx context for application to store data for this ego | ||
1087 | * (during the lifetime of this process, initially NULL) | ||
1088 | * @param identifier identifier assigned by the user for this ego, | ||
1089 | * NULL if the user just deleted the ego and it | ||
1090 | * must thus no longer be used | ||
1091 | */ | ||
1092 | static void | ||
1093 | list_ego (void *cls, | ||
1094 | struct GNUNET_IDENTITY_Ego *ego, | ||
1095 | void **ctx, | ||
1096 | const char *identifier) | ||
1097 | { | ||
1098 | struct RequestHandle *handle = cls; | ||
1099 | struct EgoEntry *ego_entry; | ||
1100 | struct GNUNET_CRYPTO_EcdsaPublicKey pk; | ||
1101 | |||
1102 | if ((NULL == ego) && (ID_REST_STATE_INIT == handle->state)) | ||
1103 | { | ||
1104 | handle->state = ID_REST_STATE_POST_INIT; | ||
1105 | init_cont (handle); | ||
1106 | return; | ||
1107 | } | ||
1108 | if (ID_REST_STATE_INIT == handle->state) { | ||
1109 | ego_entry = GNUNET_new (struct EgoEntry); | ||
1110 | GNUNET_IDENTITY_ego_get_public_key (ego, &pk); | ||
1111 | ego_entry->keystring = | ||
1112 | GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk); | ||
1113 | ego_entry->ego = ego; | ||
1114 | ego_entry->identifier = GNUNET_strdup (identifier); | ||
1115 | GNUNET_CONTAINER_DLL_insert_tail(handle->ego_head,handle->ego_tail, ego_entry); | ||
1116 | } | ||
1117 | |||
1118 | } | ||
1119 | |||
1120 | /** | ||
1121 | * Function processing the REST call | ||
1122 | * | ||
1123 | * @param method HTTP method | ||
1124 | * @param url URL of the HTTP request | ||
1125 | * @param data body of the HTTP request (optional) | ||
1126 | * @param data_size length of the body | ||
1127 | * @param proc callback function for the result | ||
1128 | * @param proc_cls closure for callback function | ||
1129 | * @return GNUNET_OK if request accepted | ||
1130 | */ | ||
1131 | static void | ||
1132 | rest_identity_process_request(struct GNUNET_REST_RequestHandle *conndata_handle, | ||
1133 | GNUNET_REST_ResultProcessor proc, | ||
1134 | void *proc_cls) | ||
1135 | { | ||
1136 | struct RequestHandle *handle = GNUNET_new (struct RequestHandle); | ||
1137 | |||
1138 | handle->timeout = GNUNET_TIME_UNIT_FOREVER_REL; | ||
1139 | handle->proc_cls = proc_cls; | ||
1140 | handle->proc = proc; | ||
1141 | handle->state = ID_REST_STATE_INIT; | ||
1142 | handle->conndata_handle = conndata_handle; | ||
1143 | |||
1144 | |||
1145 | handle->url = GNUNET_strdup (conndata_handle->url); | ||
1146 | if (handle->url[strlen (handle->url)-1] == '/') | ||
1147 | handle->url[strlen (handle->url)-1] = '\0'; | ||
1148 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1149 | "Connecting...\n"); | ||
1150 | handle->identity_handle = GNUNET_IDENTITY_connect (cfg, | ||
1151 | &list_ego, | ||
1152 | handle); | ||
1153 | handle->timeout_task = | ||
1154 | GNUNET_SCHEDULER_add_delayed (handle->timeout, | ||
1155 | &do_timeout, | ||
1156 | handle); | ||
1157 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1158 | "Connected\n"); | ||
1159 | } | ||
1160 | |||
1161 | /** | ||
1162 | * Entry point for the plugin. | ||
1163 | * | ||
1164 | * @param cls Config info | ||
1165 | * @return NULL on error, otherwise the plugin context | ||
1166 | */ | ||
1167 | void * | ||
1168 | libgnunet_plugin_rest_identity_provider_init (void *cls) | ||
1169 | { | ||
1170 | static struct Plugin plugin; | ||
1171 | struct GNUNET_REST_Plugin *api; | ||
1172 | |||
1173 | cfg = cls; | ||
1174 | if (NULL != plugin.cfg) | ||
1175 | return NULL; /* can only initialize once! */ | ||
1176 | memset (&plugin, 0, sizeof (struct Plugin)); | ||
1177 | plugin.cfg = cfg; | ||
1178 | api = GNUNET_new (struct GNUNET_REST_Plugin); | ||
1179 | api->cls = &plugin; | ||
1180 | api->name = GNUNET_REST_API_NS_IDENTITY_PROVIDER; | ||
1181 | api->process_request = &rest_identity_process_request; | ||
1182 | GNUNET_asprintf (&allow_methods, | ||
1183 | "%s, %s, %s, %s, %s", | ||
1184 | MHD_HTTP_METHOD_GET, | ||
1185 | MHD_HTTP_METHOD_POST, | ||
1186 | MHD_HTTP_METHOD_PUT, | ||
1187 | MHD_HTTP_METHOD_DELETE, | ||
1188 | MHD_HTTP_METHOD_OPTIONS); | ||
1189 | |||
1190 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, | ||
1191 | _("Identity Token REST API initialized\n")); | ||
1192 | return api; | ||
1193 | } | ||
1194 | |||
1195 | |||
1196 | /** | ||
1197 | * Exit point from the plugin. | ||
1198 | * | ||
1199 | * @param cls the plugin context (as returned by "init") | ||
1200 | * @return always NULL | ||
1201 | */ | ||
1202 | void * | ||
1203 | libgnunet_plugin_rest_identity_provider_done (void *cls) | ||
1204 | { | ||
1205 | struct GNUNET_REST_Plugin *api = cls; | ||
1206 | struct Plugin *plugin = api->cls; | ||
1207 | |||
1208 | plugin->cfg = NULL; | ||
1209 | GNUNET_free_non_null (allow_methods); | ||
1210 | GNUNET_free (api); | ||
1211 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
1212 | "Identity Token REST plugin is finished\n"); | ||
1213 | return NULL; | ||
1214 | } | ||
1215 | |||
1216 | /* end of plugin_rest_gns.c */ | ||
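--- a/src/include/gnunet_identity_provider_plugin.h
+++ b/src/include/gnunet_identity_provider_plugin.h
@@ -50,7 +50,7 @@ extern "C"
  * @param ticket the ticket
  */
 typedef void (*GNUNET_IDENTITY_PROVIDER_TicketIterator) (void *cls,
-const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket);
+const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket);
 
 
 /**
@@ -72,7 +72,7 @@ struct GNUNET_IDENTITY_PROVIDER_PluginFunctions
  * @return #GNUNET_OK on success, else #GNUNET_SYSERR
  */
 int (*store_ticket) (void *cls,
-const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket);
+const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket);
 
 /**
  * Delete a ticket from the database.
@@ -82,7 +82,7 @@ struct GNUNET_IDENTITY_PROVIDER_PluginFunctions
  * @return #GNUNET_OK on success, else #GNUNET_SYSERR
  */
 int (*delete_ticket) (void *cls,
-const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket);
+const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket);
 
 
 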
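--- a/src/include/gnunet_identity_provider_service.h
+++ b/src/include/gnunet_identity_provider_service.h
@@ -57,14 +57,9 @@ struct GNUNET_IDENTITY_PROVIDER_Handle;
 struct GNUNET_IDENTITY_PROVIDER_Token;
 
 /**
- * Handle for a ticket DEPRECATED
- */
-struct GNUNET_IDENTITY_PROVIDER_Ticket;
-
-/**
  * The ticket
  */
-struct GNUNET_IDENTITY_PROVIDER_Ticket2
+struct GNUNET_IDENTITY_PROVIDER_Ticket
 {
 /**
  * The ticket issuer
@@ -170,38 +165,6 @@ struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry
 };
 
 /**
- * Method called when a token has been exchanged for a ticket.
- * On success returns a token
- *
- * @param cls closure
- * @param token the token
- */
-typedef void
-(*GNUNET_IDENTITY_PROVIDER_ExchangeCallback)(void *cls,
-const struct GNUNET_IDENTITY_PROVIDER_Token *token,
-uint64_t ticket_nonce);
-
-/** TODO DEPRECATED
- * Method called when a token has been issued.
- * On success returns a ticket that can be given to the audience to retrive the
- * token
- *
- * @param cls closure
- * @param grant the label in GNS pointing to the token
- * @param ticket the ticket
- * @param token the issued token
- * @param name name assigned by the user for this ego,
- * NULL if the user just deleted the ego and it
- * must thus no longer be used
- */
-typedef void
-(*GNUNET_IDENTITY_PROVIDER_IssueCallback)(void *cls,
-const char *grant,
-const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-const struct GNUNET_IDENTITY_PROVIDER_Token *token);
-
-
-/**
  * Connect to the identity provider service.
  *
  * @param cfg Configuration to contact the identity provider service.
@@ -340,7 +303,7 @@ GNUNET_IDENTITY_PROVIDER_get_attributes_stop (struct GNUNET_IDENTITY_PROVIDER_At
  */
 typedef void
 (*GNUNET_IDENTITY_PROVIDER_TicketCallback)(void *cls,
-const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket);
+const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket);
 
 /**
  * Issues a ticket to another identity. The identity may use
@@ -397,7 +360,7 @@ GNUNET_IDENTITY_PROVIDER_idp_ticket_revoke (struct GNUNET_IDENTITY_PROVIDER_Hand
 struct GNUNET_IDENTITY_PROVIDER_Operation *
 GNUNET_IDENTITY_PROVIDER_rp_ticket_consume (struct GNUNET_IDENTITY_PROVIDER_Handle *id,
 const struct GNUNET_CRYPTO_EcdsaPrivateKey * identity,
-const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket,
+const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
 GNUNET_IDENTITY_PROVIDER_AttributeResult cb,
 void *cb_cls);
 
@@ -474,50 +437,6 @@ GNUNET_IDENTITY_PROVIDER_ticket_iteration_next (struct GNUNET_IDENTITY_PROVIDER_
 void
 GNUNET_IDENTITY_PROVIDER_ticket_iteration_stop (struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it);
 
-/** TODO remove DEPRECATED
- * Issue a token for a specific audience.
- *
- * @param id identity provider service to use
- * @param iss issuer (identity)
- * @param aud audience (identity)
- * @param scope the identity attributes requested, comman separated
- * @param expiration the token expiration
- * @param nonce the nonce that will be included in token and ticket
- * @param cb callback to call with result
- * @param cb_cls closure
- * @return handle to abort the operation
- */
-struct GNUNET_IDENTITY_PROVIDER_Operation *
-GNUNET_IDENTITY_PROVIDER_issue_token (struct GNUNET_IDENTITY_PROVIDER_Handle *id,
-const struct GNUNET_CRYPTO_EcdsaPrivateKey *iss_key,
-const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
-const char* scope,
-const char* vattr,
-struct GNUNET_TIME_Absolute expiration,
-uint64_t nonce,
-GNUNET_IDENTITY_PROVIDER_IssueCallback cb,
-void *cb_cls);
-
-
-/** TODO remove DEPRECATED
- * Exchange a ticket for a token. Intended to be used by audience that
- * received a ticket.
- *
- * @param id identity provider service to use
- * @param ticket the ticket to exchange
- * @param aud_privkey the audience of the ticket
- * @param cont function to call once the operation finished
- * @param cont_cls closure for @a cont
- * @return handle to abort the operation
- */
-struct GNUNET_IDENTITY_PROVIDER_Operation *
-GNUNET_IDENTITY_PROVIDER_exchange_ticket (struct GNUNET_IDENTITY_PROVIDER_Handle *id,
-const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-const struct GNUNET_CRYPTO_EcdsaPrivateKey *aud_privkey,
-GNUNET_IDENTITY_PROVIDER_ExchangeCallback cont,
-void *cont_cls);
-
-
 /**
  * Disconnect from identity provider service.
  *
@@ -538,56 +457,6 @@ GNUNET_IDENTITY_PROVIDER_disconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h);
 void
 GNUNET_IDENTITY_PROVIDER_cancel (struct GNUNET_IDENTITY_PROVIDER_Operation *op);
 
-
-/**
- * Convenience API
- */
-
-/**
- * Destroy token
- *
- * @param token the token
- */
-void
-GNUNET_IDENTITY_PROVIDER_token_destroy(struct GNUNET_IDENTITY_PROVIDER_Token *token);
-
-/**
- * Returns string representation of token. A JSON-Web-Token.
- *
- * @param token the token
- * @return The JWT (must be freed)
- */
-char *
-GNUNET_IDENTITY_PROVIDER_token_to_string (const struct GNUNET_IDENTITY_PROVIDER_Token *token);
-
-/**
- * Returns string representation of ticket. Base64-Encoded
- *
- * @param ticket the ticket
- * @return the Base64-Encoded ticket
- */
-char *
-GNUNET_IDENTITY_PROVIDER_ticket_to_string (const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket);
-
-/**
- * Created a ticket from a string (Base64 encoded ticket)
- *
- * @param input Base64 encoded ticket
- * @param ticket pointer where the ticket is stored
- * @return GNUNET_OK
- */
-int
-GNUNET_IDENTITY_PROVIDER_string_to_ticket (const char* input,
-struct GNUNET_IDENTITY_PROVIDER_Ticket **ticket);
-
-/**
- * Destroys a ticket
- *
- * @param ticket the ticket to destroy
- */
-void
-GNUNET_IDENTITY_PROVIDER_ticket_destroy(struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket);
-
 #if 0 /* keep Emacsens' auto-indent happy */
 {
 #endif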
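Review bot: The tag `struct GNUNET_IDENTITY_PROVIDER_Ticket` is reused for the renamed `Ticket2` definition in the first hunk while the old opaque forward declaration of the same tag ("Handle for a ticket DEPRECATED") is dropped in the same hunk, so code still written against the former opaque handle keeps compiling as long as it only passes pointers, yet now refers to a struct with a different, fully visible layout. The one-line `/** The ticket */` comment above the struct gives no hint of this; I would expand it along the lines of `/** The ticket. Replaces the former opaque handle of the same name; the fields below are visible to API users, so state whether the layout is meant to be stable. */`. The last hunk also removes the only string (de)serialisation for tickets from this header (`ticket_to_string`/`string_to_ticket`), which the REST plugin deleted in this commit relied on; if a string form is still provided elsewhere, a pointer to it in the header or the commit message would help out-of-tree users.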