authorSchanzenbach, Martin <mschanzenbach@posteo.de>2017-10-06 16:50:32 +0200
committerSchanzenbach, Martin <mschanzenbach@posteo.de>2017-10-06 16:50:32 +0200
commitcc838240da0d28fa1fc6d7a97da2808a7a622365 (patch)
tree49603d5a1e1db330863b3465ef052ca6f9b2b04e /src
parent7807374c7247af1d139ff70b4af047c227229a6e (diff)
downloadgnunet-cc838240da0d28fa1fc6d7a97da2808a7a622365.tar.gz
gnunet-cc838240da0d28fa1fc6d7a97da2808a7a622365.zip
-remove deprecated
Diffstat (limited to 'src')
-rw-r--r--src/identity-provider/Makefile.am23
-rw-r--r--src/identity-provider/gnunet-identity-token.c179
-rw-r--r--src/identity-provider/gnunet-idp.c8
-rw-r--r--src/identity-provider/gnunet-service-identity-provider.c1115
-rw-r--r--src/identity-provider/identity_provider.h140
-rw-r--r--src/identity-provider/identity_provider_api.c362
-rw-r--r--src/identity-provider/identity_token.c1006
-rw-r--r--src/identity-provider/identity_token.h351
-rw-r--r--src/identity-provider/plugin_identity_provider_sqlite.c6
-rw-r--r--src/identity-provider/plugin_rest_identity_provider.c1216
-rw-r--r--src/include/gnunet_identity_provider_plugin.h6
-rw-r--r--src/include/gnunet_identity_provider_service.h137
12 files changed, 47 insertions, 4502 deletions
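--- a/src/identity-provider/Makefile.am
+++ b/src/identity-provider/Makefile.am
@@ -26,12 +26,10 @@ pkgcfg_DATA = \
 lib_LTLIBRARIES = \
   libgnunetidentityprovider.la
 plugin_LTLIBRARIES = \
-  libgnunet_plugin_rest_identity_provider.la \
   libgnunet_plugin_gnsrecord_identity_provider.la \
   $(SQLITE_PLUGIN)
 
 bin_PROGRAMS = \
-  gnunet-identity-token \
   gnunet-idp
 
 libexec_PROGRAMS = \
@@ -60,7 +58,6 @@ libgnunet_plugin_identity_provider_sqlite_la_LDFLAGS = \
 
 gnunet_service_identity_provider_SOURCES = \
   gnunet-service-identity-provider.c \
-  identity_token.c \
   identity_attribute.h
 gnunet_service_identity_provider_LDADD = \
   $(top_builddir)/src/gnsrecord/libgnunetgnsrecord.la \
@@ -85,19 +82,6 @@ libgnunetidentityprovider_la_LDFLAGS = \
   $(GN_LIB_LDFLAGS) $(WINFLAGS) \
   -version-info 0:0:0
 
-libgnunet_plugin_rest_identity_provider_la_SOURCES = \
-  plugin_rest_identity_provider.c
-libgnunet_plugin_rest_identity_provider_la_LIBADD = \
-  $(top_builddir)/src/identity/libgnunetidentity.la \
-  libgnunetidentityprovider.la \
-  $(top_builddir)/src/rest/libgnunetrest.la \
-  $(top_builddir)/src/jsonapi/libgnunetjsonapi.la \
-  $(top_builddir)/src/namestore/libgnunetnamestore.la \
-  $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) \
-  $(LTLIBINTL) -ljansson -lmicrohttpd
-libgnunet_plugin_rest_identity_provider_la_LDFLAGS = \
-  $(GN_PLUGIN_LDFLAGS)
-
 gnunet_idp_SOURCES = \
   gnunet-idp.c
 gnunet_idp_LDADD = \
@@ -106,10 +90,3 @@ gnunet_idp_LDADD = \
   $(top_builddir)/src/identity-provider/libgnunetidentityprovider.la \
   $(top_builddir)/src/identity/libgnunetidentity.la \
   $(GN_LIBINTL)
-
-gnunet_identity_token_SOURCES = \
-  gnunet-identity-token.c
-gnunet_identity_token_LDADD = \
-  $(top_builddir)/src/util/libgnunetutil.la \
-  -ljansson -lmicrohttpd \
-  $(GN_LIBINTL)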
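--- a/src/identity-provider/gnunet-identity-token.c
+++ /dev/null
@@ -1,179 +0,0 @@
-/*
-     This file is part of GNUnet.
-     Copyright (C) 2012-2015 GNUnet e.V.
-
-     GNUnet is free software; you can redistribute it and/or modify
-     it under the terms of the GNU General Public License as published
-     by the Free Software Foundation; either version 3, or (at your
-     option) any later version.
-
-     GNUnet is distributed in the hope that it will be useful, but
-     WITHOUT ANY WARRANTY; without even the implied warranty of
-     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-     General Public License for more details.
-
-     You should have received a copy of the GNU General Public License
-     along with GNUnet; see the file COPYING. If not, write to the
-     Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-     Boston, MA 02110-1301, USA.
-*/
-/**
- * @author Martin Schanzenbach
- * @file src/identity-provider/gnunet-service-identity-provider.c
- * @brief Identity Token Service
- *
- */
-
-#include "platform.h"
-#include "gnunet_util_lib.h"
-#include <jansson.h>
-#include "gnunet_signatures.h"
-
-/**
- * The token
- */
-static char* token;
-
-/**
- * Weather to print the token
- */
-static int print_token;
-
-static void
-run (void *cls,
-     char *const *args,
-     const char *cfgfile,
-     const struct GNUNET_CONFIGURATION_Handle *c)
-{
-  char *payload;
-  char *header;
-  //Get token parts
-  const char *header_b64;
-  const char *payload_b64;
-  const char *signature_b32;
-  const char *keystring;
-  char *data;
-  json_t *payload_json;
-  json_t *keystring_json;
-  json_error_t error;
-  struct GNUNET_CRYPTO_EcdsaPublicKey key;
-  struct GNUNET_CRYPTO_EccSignaturePurpose *purpose;
-  struct GNUNET_CRYPTO_EcdsaSignature sig;
-
-  if (NULL == token)
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
-                _("Option `-t' is required\n"));
-    return;
-  }
-  header_b64 = strtok (token, ".");
-  payload_b64 = strtok (NULL, ".");
-  signature_b32 = strtok (NULL, ".");
-  if ( (NULL == header_b64) ||
-       (NULL == payload_b64) ||
-       (NULL == signature_b32) )
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
-                _("Token `%s' is malformed\n"),
-                token);
-    GNUNET_free (token);
-    token = NULL;
-    return;
-  }
-
-  //Decode payload
-  GNUNET_STRINGS_base64_decode (payload_b64,
-                                strlen (payload_b64),
-                                &payload);
-  //Decode header
-  GNUNET_STRINGS_base64_decode (header_b64,
-                                strlen (header_b64),
-                                &header);
-
-
-  GNUNET_asprintf(&data,
-                  "%s,%s",
-                  header_b64,
-                  payload_b64);
-  char *val = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + strlen (data));
-  purpose = (struct GNUNET_CRYPTO_EccSignaturePurpose*)val;
-  purpose->size = htonl(sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + strlen (data));
-  purpose->purpose = htonl(GNUNET_SIGNATURE_PURPOSE_GNUID_TOKEN);
-  GNUNET_memcpy (&purpose[1], data, strlen(data));
-  GNUNET_free (data);
-  GNUNET_free (token);
-  token = NULL;
-
-  if (print_token)
-    printf ("Token:\nHeader:\t\t%s\nPayload:\t%s\n",
-            header,
-            payload);
-  GNUNET_free (header);
-
-  payload_json = json_loads (payload, 0, &error);
-  GNUNET_free (payload);
-
-  if ((NULL == payload_json) || (! json_is_object (payload_json)) )
-  {
-    GNUNET_free (val);
-    return;
-  }
-  keystring_json = json_object_get (payload_json, "iss");
-  if (! json_is_string (keystring_json))
-  {
-    GNUNET_free (val);
-    return;
-  }
-  keystring = json_string_value (keystring_json);
-  if (GNUNET_OK !=
-      GNUNET_CRYPTO_ecdsa_public_key_from_string (keystring,
-                                                  strlen (keystring),
-                                                  &key))
-  {
-    GNUNET_free (val);
-    return;
-  }
-  GNUNET_STRINGS_string_to_data (signature_b32,
-                                 strlen (signature_b32),
-                                 &sig,
-                                 sizeof (struct GNUNET_CRYPTO_EcdsaSignature));
-
-  if (print_token)
-    printf ("Signature:\t%s\n",
-            keystring);
-
-  if (GNUNET_OK !=
-      GNUNET_CRYPTO_ecdsa_verify(GNUNET_SIGNATURE_PURPOSE_GNUID_TOKEN,
-                                 purpose,
-                                 &sig,
-                                 &key))
-    printf("Signature not OK!\n");
-  else
-    printf("Signature OK!\n");
-  GNUNET_free (val);
-  return;
-}
-
-
-int
-main(int argc, char *const argv[])
-{
-  struct GNUNET_GETOPT_CommandLineOption options[] = {
-
-    GNUNET_GETOPT_option_string ('t',
-                                 "token",
-                                 NULL,
-                                 gettext_noop ("GNUid token"),
-                                 &token),
-
-    GNUNET_GETOPT_option_flag ('p',
-                               "print",
-                               gettext_noop ("Print token contents"),
-                               &print_token),
-
-    GNUNET_GETOPT_OPTION_END
-  };
-  return GNUNET_PROGRAM_run (argc, argv, "ct",
-                             "ct", options,
-                             &run, NULL);
-}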
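--- a/src/identity-provider/gnunet-idp.c
+++ b/src/identity-provider/gnunet-idp.c
@@ -104,7 +104,7 @@ static struct GNUNET_CRYPTO_EcdsaPublicKey rp_key;
 /**
  * Ticket to consume
  */
-static struct GNUNET_IDENTITY_PROVIDER_Ticket2 ticket;
+static struct GNUNET_IDENTITY_PROVIDER_Ticket ticket;
 
 /**
  * Attribute list
@@ -128,12 +128,12 @@ do_cleanup(void *cls)
 
 static void
 ticket_issue_cb (void* cls,
-                 const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket)
+                 const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket)
 {
   char* ticket_str;
   if (NULL != ticket) {
     ticket_str = GNUNET_STRINGS_data_to_string_alloc (ticket,
-                                                      sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket2));
+                                                      sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket));
     printf("%s\n",
            ticket_str);
     GNUNET_free (ticket_str);
@@ -278,7 +278,7 @@ ego_cb (void *cls,
   GNUNET_STRINGS_string_to_data (consume_ticket,
                                  strlen (consume_ticket),
                                  &ticket,
-                                 sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket2));
+                                 sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket));
 
   attr_list = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeList);
 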
diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c
index 8960ea162..9c03cdbd7 100644
--- a/src/identity-provider/gnunet-service-identity-provider.c
+++ b/src/identity-provider/gnunet-service-identity-provider.c
@@ -36,7 +36,6 @@
36#include "gnunet_identity_provider_plugin.h" 36#include "gnunet_identity_provider_plugin.h"
37#include "gnunet_signatures.h" 37#include "gnunet_signatures.h"
38#include "identity_provider.h" 38#include "identity_provider.h"
39#include "identity_token.h"
40#include "identity_attribute.h" 39#include "identity_attribute.h"
41#include <inttypes.h> 40#include <inttypes.h>
42 41
@@ -360,27 +359,8 @@ struct AttributeStoreHandle
360}; 359};
361 360
362 361
363 362/* Prototype */
364struct VerifiedAttributeEntry
365{
366 /**
367 * DLL
368 */
369 struct VerifiedAttributeEntry *prev;
370
371 /**
372 * DLL
373 */
374 struct VerifiedAttributeEntry *next;
375
376 /**
377 * Attribute Name
378 */
379 char* name;
380};
381
382struct ParallelLookup; 363struct ParallelLookup;
383struct ParallelLookup2;
384 364
385struct ConsumeTicketHandle 365struct ConsumeTicketHandle
386{ 366{
@@ -393,7 +373,7 @@ struct ConsumeTicketHandle
393 /** 373 /**
394 * Ticket 374 * Ticket
395 */ 375 */
396 struct GNUNET_IDENTITY_PROVIDER_Ticket2 ticket; 376 struct GNUNET_IDENTITY_PROVIDER_Ticket ticket;
397 377
398 /** 378 /**
399 * LookupRequest 379 * LookupRequest
@@ -413,12 +393,12 @@ struct ConsumeTicketHandle
413 /** 393 /**
414 * Lookup DLL 394 * Lookup DLL
415 */ 395 */
416 struct ParallelLookup2 *parallel_lookups_head; 396 struct ParallelLookup *parallel_lookups_head;
417 397
418 /** 398 /**
419 * Lookup DLL 399 * Lookup DLL
420 */ 400 */
421 struct ParallelLookup2 *parallel_lookups_tail; 401 struct ParallelLookup *parallel_lookups_tail;
422 402
423 /** 403 /**
424 * Kill task 404 * Kill task
@@ -441,82 +421,30 @@ struct ConsumeTicketHandle
441 uint32_t r_id; 421 uint32_t r_id;
442}; 422};
443 423
444struct ParallelLookup2 424/**
445{ 425 * Handle for a parallel GNS lookup job
446 struct ParallelLookup2 *next; 426 */
447
448 struct ParallelLookup2 *prev;
449
450 struct GNUNET_GNS_LookupRequest *lookup_request;
451
452 struct ConsumeTicketHandle *handle;
453
454 char *label;
455};
456
457
458struct ExchangeHandle
459{
460
461 /**
462 * Client connection
463 */
464 struct IdpClient *client;
465
466 /**
467 * Ticket
468 */
469 struct TokenTicket *ticket;
470
471 /**
472 * Token returned
473 */
474 struct IdentityToken *token;
475
476 /**
477 * LookupRequest
478 */
479 struct GNUNET_GNS_LookupRequest *lookup_request;
480
481 /**
482 * Audience Key
483 */
484 struct GNUNET_CRYPTO_EcdsaPrivateKey aud_privkey;
485
486 /**
487 * ParallelLookups DLL
488 */
489 struct ParallelLookup *parallel_lookups_head;
490 struct ParallelLookup *parallel_lookups_tail;
491
492 struct GNUNET_SCHEDULER_Task *kill_task;
493 struct GNUNET_CRYPTO_AbeKey *key;
494
495 /**
496 * Label to return
497 */
498 char *label;
499
500 /**
501 * request id
502 */
503 uint32_t r_id;
504};
505
506struct ParallelLookup 427struct ParallelLookup
507{ 428{
429 /* DLL */
508 struct ParallelLookup *next; 430 struct ParallelLookup *next;
509 431
432 /* DLL */
510 struct ParallelLookup *prev; 433 struct ParallelLookup *prev;
511 434
435 /* The GNS request */
512 struct GNUNET_GNS_LookupRequest *lookup_request; 436 struct GNUNET_GNS_LookupRequest *lookup_request;
513 437
514 struct ExchangeHandle *handle; 438 /* The handle the return to */
439 struct ConsumeTicketHandle *handle;
515 440
441 /* The label to look up */
516 char *label; 442 char *label;
517}; 443};
518 444
519 445/**
446 * Ticket issue request handle
447 */
520struct TicketIssueHandle 448struct TicketIssueHandle
521{ 449{
522 450
@@ -538,7 +466,7 @@ struct TicketIssueHandle
538 /** 466 /**
539 * Ticket to issue 467 * Ticket to issue
540 */ 468 */
541 struct GNUNET_IDENTITY_PROVIDER_Ticket2 ticket; 469 struct GNUNET_IDENTITY_PROVIDER_Ticket ticket;
542 470
543 /** 471 /**
544 * QueueEntry 472 * QueueEntry
@@ -553,103 +481,6 @@ struct TicketIssueHandle
553 481
554 482
555/** 483/**
556 * DEPRECATED
557 */
558struct IssueHandle
559{
560
561 /**
562 * Client connection
563 */
564 struct IdpClient *client;
565
566 /**
567 * Issuer Key
568 */
569 struct GNUNET_CRYPTO_EcdsaPrivateKey iss_key;
570
571 /**
572 * Issue pubkey
573 */
574 struct GNUNET_CRYPTO_EcdsaPublicKey iss_pkey;
575
576 /**
577 * Audience Key
578 */
579 struct GNUNET_CRYPTO_EcdsaPublicKey aud_key;
580
581 /**
582 * The issuer egos ABE master key
583 */
584 struct GNUNET_CRYPTO_AbeMasterKey *abe_key;
585
586 /**
587 * Expiration
588 */
589 struct GNUNET_TIME_Absolute expiration;
590
591 /**
592 * Scopes
593 */
594 char *scopes;
595
596 /**
597 * DLL
598 */
599 struct VerifiedAttributeEntry *v_attr_head;
600
601 /**
602 * DLL
603 */
604 struct VerifiedAttributeEntry *v_attr_tail;
605
606 /**
607 * nonce
608 */
609 uint64_t nonce;
610
611 /**
612 * NS iterator
613 */
614 struct GNUNET_NAMESTORE_ZoneIterator *ns_it;
615
616 /**
617 * Cred request
618 */
619 struct GNUNET_CREDENTIAL_Request *credential_request;
620
621 /**
622 * Attribute map
623 */
624 struct GNUNET_CONTAINER_MultiHashMap *attr_map;
625
626 /**
627 * Token
628 */
629 struct IdentityToken *token;
630
631 /**
632 * Ticket
633 */
634 struct TokenTicket *ticket;
635
636 /**
637 * QueueEntry
638 */
639 struct GNUNET_NAMESTORE_QueueEntry *ns_qe;
640
641 /**
642 * The label the token is stored under
643 */
644 char *label;
645
646 /**
647 * request id
648 */
649 uint32_t r_id;
650};
651
652/**
653 * DLL for ego handles to egos containing the ID_ATTRS in a map in json_t format 484 * DLL for ego handles to egos containing the ID_ATTRS in a map in json_t format
654 * 485 *
655 */ 486 */
@@ -846,119 +677,6 @@ bootstrap_abe (const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
846 677
847 678
848 679
849static struct GNUNET_MQ_Envelope*
850create_exchange_result_message (const char* token,
851 const char* label,
852 uint64_t ticket_nonce,
853 uint64_t id)
854{
855 struct GNUNET_MQ_Envelope *env;
856 struct ExchangeResultMessage *erm;
857 uint16_t token_len = strlen (token) + 1;
858
859 env = GNUNET_MQ_msg_extra (erm,
860 token_len,
861 GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_EXCHANGE_RESULT);
862 erm->ticket_nonce = htonl (ticket_nonce);
863 erm->id = id;
864 GNUNET_memcpy (&erm[1], token, token_len);
865 return env;
866}
867
868
869static struct GNUNET_MQ_Envelope*
870create_issue_result_message (const char* label,
871 const char* ticket,
872 const char* token,
873 uint64_t id)
874{
875 struct GNUNET_MQ_Envelope *env;
876 struct IssueResultMessage *irm;
877 char *tmp_str;
878 size_t len;
879
880 GNUNET_asprintf (&tmp_str, "%s,%s,%s", label, ticket, token);
881 len = strlen (tmp_str) + 1;
882 env = GNUNET_MQ_msg_extra (irm,
883 len,
884 GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ISSUE_RESULT);
885 irm->id = id;
886 GNUNET_memcpy (&irm[1], tmp_str, strlen (tmp_str) + 1);
887 GNUNET_free (tmp_str);
888 return env;
889}
890
891static void
892cleanup_issue_handle (struct IssueHandle *handle)
893{
894 if (NULL != handle->attr_map)
895 GNUNET_CONTAINER_multihashmap_destroy (handle->attr_map);
896 if (NULL != handle->scopes)
897 GNUNET_free (handle->scopes);
898 if (NULL != handle->token)
899 token_destroy (handle->token);
900 if (NULL != handle->ticket)
901 ticket_destroy (handle->ticket);
902 if (NULL != handle->label)
903 GNUNET_free (handle->label);
904 if (NULL != handle->ns_it)
905 GNUNET_NAMESTORE_zone_iteration_stop (handle->ns_it);
906 if (NULL != handle->credential_request)
907 GNUNET_CREDENTIAL_request_cancel (handle->credential_request);
908 GNUNET_free (handle);
909}
910
911static void
912store_record_issue_cont (void *cls,
913 int32_t success,
914 const char *emsg)
915{
916 struct IssueHandle *handle = cls;
917 struct GNUNET_MQ_Envelope *env;
918 char *ticket_str;
919 char *token_str;
920
921 handle->ns_qe = NULL;
922 if (GNUNET_SYSERR == success)
923 {
924 cleanup_issue_handle (handle);
925 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "%s\n",
926 "Unknown Error\n");
927 GNUNET_SCHEDULER_add_now (&do_shutdown, NULL);
928 return;
929 }
930 if (GNUNET_OK != ticket_serialize (handle->ticket,
931 &handle->iss_key,
932 &ticket_str))
933 {
934 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "%s\n",
935 "Error serializing ticket\n");
936 cleanup_issue_handle (handle);
937 GNUNET_SCHEDULER_add_now (&do_shutdown, NULL);
938 return;
939 }
940 if (GNUNET_OK != token_to_string (handle->token,
941 &handle->iss_key,
942 &token_str))
943 {
944 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "%s\n",
945 "Error serializing token\n");
946 GNUNET_free (ticket_str);
947 cleanup_issue_handle (handle);
948 GNUNET_SCHEDULER_add_now (&do_shutdown, NULL);
949 return;
950 }
951 env = create_issue_result_message (handle->label,
952 ticket_str,
953 token_str,
954 handle->r_id);
955 GNUNET_MQ_send (handle->client->mq,
956 env);
957 cleanup_issue_handle (handle);
958 GNUNET_free (ticket_str);
959 GNUNET_free (token_str);
960}
961
962static int 680static int
963create_sym_key_from_ecdh(const struct GNUNET_HashCode *new_key_hash, 681create_sym_key_from_ecdh(const struct GNUNET_HashCode *new_key_hash,
964 struct GNUNET_CRYPTO_SymmetricSessionKey *skey, 682 struct GNUNET_CRYPTO_SymmetricSessionKey *skey,
@@ -982,775 +700,6 @@ create_sym_key_from_ecdh(const struct GNUNET_HashCode *new_key_hash,
982 return GNUNET_OK; 700 return GNUNET_OK;
983} 701}
984 702
985int
986serialize_abe_keyinfo (const struct IssueHandle *handle,
987 const struct GNUNET_CRYPTO_AbeKey *rp_key,
988 struct GNUNET_CRYPTO_EcdhePrivateKey **ecdh_privkey,
989 char **result)
990{
991 char *enc_keyinfo;
992 char *serialized_key;
993 char *buf;
994 struct GNUNET_CRYPTO_EcdhePublicKey ecdh_pubkey;
995 ssize_t size;
996
997 struct GNUNET_CRYPTO_SymmetricSessionKey skey;
998 struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
999 struct GNUNET_HashCode new_key_hash;
1000 ssize_t enc_size;
1001
1002 size = GNUNET_CRYPTO_cpabe_serialize_key (rp_key,
1003 (void**)&serialized_key);
1004 buf = GNUNET_malloc (strlen (handle->scopes) + 1 + size);
1005 GNUNET_memcpy (buf,
1006 handle->scopes,
1007 strlen (handle->scopes) + 1);
1008 GNUNET_memcpy (buf + strlen (handle->scopes) + 1,
1009 serialized_key,
1010 size);
1011 // ECDH keypair E = eG
1012 *ecdh_privkey = GNUNET_CRYPTO_ecdhe_key_create();
1013 GNUNET_CRYPTO_ecdhe_key_get_public (*ecdh_privkey,
1014 &ecdh_pubkey);
1015 enc_keyinfo = GNUNET_malloc (size + strlen (handle->scopes) + 1);
1016 // Derived key K = H(eB)
1017 GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_ecdh_ecdsa (*ecdh_privkey,
1018 &handle->aud_key,
1019 &new_key_hash));
1020 create_sym_key_from_ecdh(&new_key_hash, &skey, &iv);
1021 enc_size = GNUNET_CRYPTO_symmetric_encrypt (buf,
1022 size + strlen (handle->scopes) + 1,
1023 &skey, &iv,
1024 enc_keyinfo);
1025 *result = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)+
1026 enc_size);
1027 GNUNET_memcpy (*result,
1028 &ecdh_pubkey,
1029 sizeof (struct GNUNET_CRYPTO_EcdhePublicKey));
1030 GNUNET_memcpy (*result + sizeof (struct GNUNET_CRYPTO_EcdhePublicKey),
1031 enc_keyinfo,
1032 enc_size);
1033 GNUNET_free (enc_keyinfo);
1034 return sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)+enc_size;
1035}
1036
1037static void
1038cleanup_exchange_handle (struct ExchangeHandle *handle)
1039{
1040 if (NULL != handle->ticket)
1041 ticket_destroy (handle->ticket);
1042 if (NULL != handle->token)
1043 token_destroy (handle->token);
1044 GNUNET_free (handle);
1045}
1046
1047
1048/**
1049 * Build a token and store it
1050 *
1051 * @param cls the IssueHandle
1052 */
1053static void
1054sign_and_return_token (void *cls)
1055{
1056 struct ExchangeHandle *handle = cls;
1057 struct GNUNET_MQ_Envelope *env;
1058 char *token_str;
1059 uint64_t time;
1060 uint64_t exp_time;
1061
1062 time = GNUNET_TIME_absolute_get().abs_value_us;
1063 exp_time = time + token_expiration_interval.rel_value_us;
1064
1065 token_add_attr_int (handle->token, "nbf", time);
1066 token_add_attr_int (handle->token, "iat", time);
1067 token_add_attr_int (handle->token, "exp", exp_time);
1068
1069 //Readable
1070 GNUNET_assert (GNUNET_OK == token_to_string (handle->token,
1071 &handle->aud_privkey,
1072 &token_str));
1073
1074 env = create_exchange_result_message (token_str,
1075 handle->label,
1076 handle->ticket->payload->nonce,
1077 handle->r_id);
1078 GNUNET_MQ_send (handle->client->mq,
1079 env);
1080 cleanup_exchange_handle (handle);
1081 GNUNET_free (token_str);
1082
1083}
1084
1085/**
1086 * Build an ABE key and store it
1087 *
1088 * @param cls the IssueHandle
1089 */
1090static void
1091issue_ticket (void *cls)
1092{
1093 struct GNUNET_CRYPTO_EcdsaPublicKey pub_key;
1094 struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey;
1095 struct IssueHandle *handle = cls;
1096 struct GNUNET_GNSRECORD_Data code_record[1];
1097 struct GNUNET_CRYPTO_AbeKey *rp_key;
1098 char *nonce_str;
1099 char *code_record_data;
1100 char **attrs;
1101 char *scope;
1102 char *scopes_tmp;
1103 int attrs_len;
1104 int i;
1105 uint64_t time;
1106 uint64_t exp_time;
1107 size_t code_record_len;
1108
1109 //Remote nonce
1110 nonce_str = NULL;
1111 GNUNET_asprintf (&nonce_str, "%lu", handle->nonce);
1112 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Request nonce: %s\n", nonce_str);
1113
1114 GNUNET_CRYPTO_ecdsa_key_get_public (&handle->iss_key,
1115 &pub_key);
1116 handle->ticket = ticket_create (handle->nonce,
1117 &pub_key,
1118 handle->label,
1119 &handle->aud_key);
1120
1121 time = GNUNET_TIME_absolute_get().abs_value_us;
1122 exp_time = time + token_expiration_interval.rel_value_us;
1123
1124 token_add_attr_int (handle->token, "nbf", time);
1125 token_add_attr_int (handle->token, "iat", time);
1126 token_add_attr_int (handle->token, "exp", exp_time);
1127 token_add_attr (handle->token, "nonce", nonce_str);
1128
1129 //Create new ABE key for RP
1130 attrs_len = (GNUNET_CONTAINER_multihashmap_size (handle->attr_map) + 1) * sizeof (char*);
1131 attrs = GNUNET_malloc (attrs_len);
1132 i = 0;
1133 scopes_tmp = GNUNET_strdup (handle->scopes);
1134 for (scope = strtok (scopes_tmp, ","); NULL != scope; scope = strtok (NULL, ",")) {
1135 attrs[i] = scope;
1136 i++;
1137 }
1138 rp_key = GNUNET_CRYPTO_cpabe_create_key (handle->abe_key,
1139 attrs);
1140 code_record_len = serialize_abe_keyinfo (handle,
1141 rp_key,
1142 &ecdhe_privkey,
1143 &code_record_data);
1144 code_record[0].data = code_record_data;
1145 code_record[0].data_size = code_record_len;
1146 code_record[0].expiration_time = exp_time;
1147 code_record[0].record_type = GNUNET_GNSRECORD_TYPE_ABE_KEY;
1148 code_record[0].flags = GNUNET_GNSRECORD_RF_NONE;
1149
1150
1151 //Publish record
1152 handle->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle,
1153 &handle->iss_key,
1154 handle->label,
1155 1,
1156 code_record,
1157 &store_record_issue_cont,
1158 handle);
1159 GNUNET_free (ecdhe_privkey);
1160 GNUNET_free (nonce_str);
1161 GNUNET_free (code_record_data);
1162}
1163
1164/**
1165 * Credential to JSON
1166 * @param cred the credential
1167 * @return the resulting json, NULL if failed
1168 */
1169static json_t*
1170credential_to_json (struct GNUNET_CREDENTIAL_Credential *cred)
1171{
1172 char *issuer;
1173 char *subject;
1174 char *signature;
1175 char attribute[cred->issuer_attribute_len + 1];
1176 json_t *cred_obj;
1177
1178 issuer = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred->issuer_key);
1179 if (NULL == issuer)
1180 {
1181 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1182 "Issuer in credential malformed\n");
1183 return NULL;
1184 }
1185 subject = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred->subject_key);
1186 if (NULL == subject)
1187 {
1188 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1189 "Subject in credential malformed\n");
1190 GNUNET_free (issuer);
1191 return NULL;
1192 }
1193 GNUNET_STRINGS_base64_encode ((char*)&cred->signature,
1194 sizeof (struct GNUNET_CRYPTO_EcdsaSignature),
1195 &signature);
1196 memcpy (attribute,
1197 cred->issuer_attribute,
1198 cred->issuer_attribute_len);
1199 attribute[cred->issuer_attribute_len] = '\0';
1200 cred_obj = json_object ();
1201 json_object_set_new (cred_obj, "issuer", json_string (issuer));
1202 json_object_set_new (cred_obj, "subject", json_string (subject));
1203 json_object_set_new (cred_obj, "attribute", json_string (attribute));
1204 json_object_set_new (cred_obj, "signature", json_string (signature));
1205 json_object_set_new (cred_obj, "expiration", json_integer (cred->expiration.abs_value_us));
1206 GNUNET_free (issuer);
1207 GNUNET_free (subject);
1208 GNUNET_free (signature);
1209 return cred_obj;
1210}
1211
1212
1213static void
1214handle_vattr_collection (void* cls,
1215 unsigned int d_count,
1216 struct GNUNET_CREDENTIAL_Delegation *dc,
1217 unsigned int c_count,
1218 struct GNUNET_CREDENTIAL_Credential *cred)
1219{
1220 struct IssueHandle *handle = cls;
1221 struct VerifiedAttributeEntry *vattr;
1222 json_t *cred_json;
1223 json_t *cred_array;
1224 int i;
1225 handle->credential_request = NULL;
1226
1227 if (NULL == cred)
1228 {
1229 GNUNET_SCHEDULER_add_now (&issue_ticket, handle);
1230 return;
1231 }
1232 cred_array = json_array();
1233 for (i=0;i<c_count;i++)
1234 {
1235 cred_json = credential_to_json (cred);
1236 if (NULL == cred_json)
1237 continue;
1238 json_array_append (cred_array, cred_json);
1239 token_add_attr_json (handle->token,
1240 handle->v_attr_head->name,
1241 cred_array);
1242 }
1243 json_decref (cred_array);
1244 vattr = handle->v_attr_head;
1245
1246 GNUNET_CONTAINER_DLL_remove (handle->v_attr_head,
1247 handle->v_attr_tail,
1248 vattr);
1249 GNUNET_free (vattr->name);
1250 GNUNET_free (vattr);
1251
1252 if (NULL == handle->v_attr_head)
1253 {
1254 GNUNET_SCHEDULER_add_now (&issue_ticket, handle);
1255 return;
1256 }
1257 handle->credential_request = GNUNET_CREDENTIAL_collect (credential_handle,
1258 &handle->aud_key,
1259 handle->v_attr_head->name,
1260 &handle->iss_key,
1261 &handle_vattr_collection,
1262 handle);
1263
1264}
1265
1266
1267static void
1268attr_collect_error (void *cls)
1269{
1270 struct IssueHandle *handle = cls;
1271
1272 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Adding attribute Error!\n");
1273 handle->ns_it = NULL;
1274 GNUNET_SCHEDULER_add_now (&issue_ticket, handle);
1275}
1276
1277
1278static void
1279attr_collect_finished (void *cls)
1280{
1281 struct IssueHandle *handle = cls;
1282
1283 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding attribute END: \n");
1284 handle->ns_it = NULL;
1285
1286 if (NULL == handle->v_attr_head)
1287 {
1288 GNUNET_SCHEDULER_add_now (&issue_ticket, handle);
1289 return;
1290 }
1291 handle->credential_request = GNUNET_CREDENTIAL_collect (credential_handle,
1292 &handle->aud_key,
1293 handle->v_attr_head->name,
1294 &handle->iss_key,
1295 &handle_vattr_collection,
1296 handle);
1297}
1298
1299/**
1300 * Collect attributes for token
1301 */
1302static void
1303attr_collect (void *cls,
1304 const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
1305 const char *label,
1306 unsigned int rd_count,
1307 const struct GNUNET_GNSRECORD_Data *rd)
1308{
1309 struct IssueHandle *handle = cls;
1310 int i;
1311 char* data;
1312 struct GNUNET_HashCode key;
1313
1314 GNUNET_CRYPTO_hash (label,
1315 strlen (label),
1316 &key);
1317
1318 if (0 == rd_count ||
1319 ( (NULL != handle->attr_map) &&
1320 (GNUNET_YES != GNUNET_CONTAINER_multihashmap_contains (handle->attr_map,
1321 &key))
1322 )
1323 )
1324 {
1325 GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it);
1326 return;
1327 }
1328
1329 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding attribute: %s\n", label);
1330
1331 if (1 == rd_count)
1332 {
1333 if (rd->record_type == GNUNET_GNSRECORD_TYPE_ID_ATTR)
1334 {
1335 data = GNUNET_GNSRECORD_value_to_string (rd->record_type,
1336 rd->data,
1337 rd->data_size);
1338 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding value: %s\n", data);
1339 token_add_attr (handle->token,
1340 label,
1341 data);
1342 GNUNET_free (data);
1343 }
1344 GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it);
1345 return;
1346 }
1347
1348 i = 0;
1349 for (; i < rd_count; i++)
1350 {
1351 if (rd->record_type == GNUNET_GNSRECORD_TYPE_ID_ATTR)
1352 {
1353 data = GNUNET_GNSRECORD_value_to_string (rd[i].record_type,
1354 rd[i].data,
1355 rd[i].data_size);
1356 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding value: %s\n", data);
1357 token_add_attr (handle->token, label, data);
1358 GNUNET_free (data);
1359 }
1360 }
1361
1362 GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it);
1363}
1364
1365static void
1366process_parallel_lookup (void *cls, uint32_t rd_count,
1367 const struct GNUNET_GNSRECORD_Data *rd)
1368{
1369 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1370 "Parallel lookup finished (count=%u)\n", rd_count);
1371 struct ParallelLookup *parallel_lookup = cls;
1372 struct ExchangeHandle *handle = parallel_lookup->handle;
1373 char *data;
1374 int i;
1375
1376 GNUNET_CONTAINER_DLL_remove (handle->parallel_lookups_head,
1377 handle->parallel_lookups_tail,
1378 parallel_lookup);
1379 GNUNET_free (parallel_lookup);
1380 if (1 == rd_count)
1381 {
1382 if (rd->record_type == GNUNET_GNSRECORD_TYPE_ID_ATTR)
1383 {
1384 GNUNET_CRYPTO_cpabe_decrypt (rd->data,
1385 rd->data_size,
1386 handle->key,
1387 (void**)&data);
1388 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding value: %s\n", data);
1389 token_add_attr (handle->token,
1390 parallel_lookup->label,
1391 data);
1392 GNUNET_free (data);
1393 }
1394 } else {
1395 i = 0;
1396 for (; i < rd_count; i++)
1397 {
1398 if (rd[i].record_type == GNUNET_GNSRECORD_TYPE_ID_ATTR)
1399 {
1400 data = GNUNET_GNSRECORD_value_to_string (rd[i].record_type,
1401 rd[i].data,
1402 rd[i].data_size);
1403 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding value: %s\n", data);
1404 token_add_attr (handle->token, parallel_lookup->label, data);
1405 GNUNET_free (data);
1406 }
1407 }
1408 }
1409 if (NULL != handle->parallel_lookups_head)
1410 return; //Wait for more
1411 //Else we are done
1412 GNUNET_SCHEDULER_cancel (handle->kill_task);
1413 GNUNET_SCHEDULER_add_now (&sign_and_return_token, handle);
1414}
1415
1416void
1417abort_parallel_lookups (void *cls)
1418{
1419 struct ExchangeHandle *handle = cls;
1420 struct ParallelLookup *lu;
1421 struct ParallelLookup *tmp;
1422
1423 for (lu = handle->parallel_lookups_head;
1424 NULL != lu;) {
1425 GNUNET_GNS_lookup_cancel (lu->lookup_request);
1426 GNUNET_free (lu->label);
1427 tmp = lu->next;
1428 GNUNET_CONTAINER_DLL_remove (handle->parallel_lookups_head,
1429 handle->parallel_lookups_tail,
1430 lu);
1431 GNUNET_free (lu);
1432 lu = tmp;
1433 }
1434 GNUNET_SCHEDULER_add_now (&sign_and_return_token, handle);
1435
1436}
1437
1438static void
1439process_lookup_result (void *cls, uint32_t rd_count,
1440 const struct GNUNET_GNSRECORD_Data *rd)
1441{
1442 struct ExchangeHandle *handle = cls;
1443 struct GNUNET_HashCode new_key_hash;
1444 struct GNUNET_CRYPTO_SymmetricSessionKey enc_key;
1445 struct GNUNET_CRYPTO_SymmetricInitializationVector enc_iv;
1446 struct GNUNET_CRYPTO_EcdhePublicKey *ecdh_key;
1447 struct ParallelLookup *parallel_lookup;
1448 size_t size;
1449 char *buf;
1450 char *scope;
1451 char *lookup_query;
1452
1453 handle->lookup_request = NULL;
1454 if (1 != rd_count)
1455 {
1456 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1457 "Number of keys %d != 1.",
1458 rd_count);
1459 cleanup_exchange_handle (handle);
1460 GNUNET_SCHEDULER_add_now (&do_shutdown, NULL);
1461 return;
1462 }
1463
1464 //Decrypt
1465 ecdh_key = (struct GNUNET_CRYPTO_EcdhePublicKey *)rd->data;
1466
1467 buf = GNUNET_malloc (rd->data_size - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey));
1468
1469 //Calculate symmetric key from ecdh parameters
1470 GNUNET_assert (GNUNET_OK ==
1471 GNUNET_CRYPTO_ecdsa_ecdh (&handle->aud_privkey,
1472 ecdh_key,
1473 &new_key_hash));
1474 create_sym_key_from_ecdh (&new_key_hash,
1475 &enc_key,
1476 &enc_iv);
1477 size = GNUNET_CRYPTO_symmetric_decrypt (rd->data + sizeof (struct GNUNET_CRYPTO_EcdhePublicKey),
1478 rd->data_size - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey),
1479 &enc_key,
1480 &enc_iv,
1481 buf);
1482
1483 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1484 "Decrypted bytes: %zd Expected bytes: %zd\n",
1485 size, rd->data_size - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey));
1486
1487 scopes = GNUNET_strdup (buf);
1488 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1489 "Scopes %s\n", scopes);
1490 handle->key = GNUNET_CRYPTO_cpabe_deserialize_key ((void*)(buf + strlen (scopes) + 1),
1491 rd->data_size - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)
1492 - strlen (scopes) - 1);
1493
1494 for (scope = strtok (scopes, ","); NULL != scope; scope = strtok (NULL, ","))
1495 {
1496 GNUNET_asprintf (&lookup_query,
1497 "%s.gnu",
1498 scope);
1499 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1500 "Looking up %s\n", lookup_query);
1501 parallel_lookup = GNUNET_new (struct ParallelLookup);
1502 parallel_lookup->handle = handle;
1503 parallel_lookup->label = GNUNET_strdup (scope);
1504 parallel_lookup->lookup_request
1505 = GNUNET_GNS_lookup (gns_handle,
1506 lookup_query,
1507 &handle->ticket->payload->identity_key,
1508 GNUNET_GNSRECORD_TYPE_ID_ATTR,
1509 GNUNET_GNS_LO_LOCAL_MASTER,
1510 &process_parallel_lookup,
1511 parallel_lookup);
1512 GNUNET_CONTAINER_DLL_insert (handle->parallel_lookups_head,
1513 handle->parallel_lookups_tail,
1514 parallel_lookup);
1515 }
1516 handle->kill_task = GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_relative_multiply(GNUNET_TIME_UNIT_MINUTES,3),
1517 &abort_parallel_lookups,
1518 handle);
1519}
1520
1521/**
1522 * Checks a exchange message
1523 *
1524 * @param cls client sending the message
1525 * @param xm message of type `struct ExchangeMessage`
1526 * @return #GNUNET_OK if @a xm is well-formed
1527 */
1528static int
1529check_exchange_message (void *cls,
1530 const struct ExchangeMessage *xm)
1531{
1532 uint16_t size;
1533
1534 size = ntohs (xm->header.size);
1535 if (size <= sizeof (struct ExchangeMessage))
1536 {
1537 GNUNET_break (0);
1538 return GNUNET_SYSERR;
1539 }
1540 return GNUNET_OK;
1541}
1542
1543/**
1544 *
1545 * Handler for exchange message
1546 *
1547 * @param cls unused
1548 * @param client who sent the message
1549 * @param message the message
1550 */
1551static void
1552handle_exchange_message (void *cls,
1553 const struct ExchangeMessage *xm)
1554{
1555 struct ExchangeHandle *xchange_handle;
1556 struct IdpClient *idp = cls;
1557 const char *ticket;
1558 char *lookup_query;
1559
1560 ticket = (const char *) &xm[1];
1561 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1562 "Received EXCHANGE of `%s' from client\n",
1563 ticket);
1564 xchange_handle = GNUNET_malloc (sizeof (struct ExchangeHandle));
1565 xchange_handle->aud_privkey = xm->aud_privkey;
1566 xchange_handle->r_id = xm->id;
1567 if (GNUNET_SYSERR == ticket_parse (ticket,
1568 &xchange_handle->aud_privkey,
1569 &xchange_handle->ticket))
1570 {
1571 GNUNET_free (xchange_handle);
1572 GNUNET_SERVICE_client_drop (idp->client);
1573 return;
1574 }
1575 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Looking for ABE key under %s\n",
1576 xchange_handle->ticket->payload->label);
1577 GNUNET_asprintf (&lookup_query,
1578 "%s.gnu",
1579 xchange_handle->ticket->payload->label);
1580 GNUNET_SERVICE_client_continue (idp->client);
1581 xchange_handle->client = idp;
1582 xchange_handle->token = token_create (&xchange_handle->ticket->payload->identity_key,
1583 &xchange_handle->ticket->payload->identity_key);
1584 xchange_handle->lookup_request
1585 = GNUNET_GNS_lookup (gns_handle,
1586 lookup_query,
1587 &xchange_handle->ticket->payload->identity_key,
1588 GNUNET_GNSRECORD_TYPE_ABE_KEY,
1589 GNUNET_GNS_LO_LOCAL_MASTER,
1590 &process_lookup_result,
1591 xchange_handle);
1592 GNUNET_free (lookup_query);
1593
1594}
1595
1596void
1597attr_collect_task (void *cls)
1598{
1599 struct IssueHandle *issue_handle = cls;
1600
1601 issue_handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle,
1602 &issue_handle->iss_key,
1603 &attr_collect_error,
1604 issue_handle,
1605 &attr_collect,
1606 issue_handle,
1607 &attr_collect_finished,
1608 issue_handle);
1609}
1610
1611void
1612abe_key_lookup_error (void *cls)
1613{
1614 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1615 "Error looking for ABE master!\n");
1616 GNUNET_SCHEDULER_add_now (&do_shutdown, cls);
1617}
1618
1619void
1620abe_key_lookup_result (void *cls,
1621 const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
1622 const char *label,
1623 unsigned int rd_count,
1624 const struct GNUNET_GNSRECORD_Data *rd)
1625{
1626 struct IssueHandle *handle = cls;
1627 int i;
1628
1629 for (i=0;i<rd_count;i++) {
1630 if (GNUNET_GNSRECORD_TYPE_ABE_MASTER != rd[i].record_type)
1631 continue;
1632 handle->abe_key = GNUNET_CRYPTO_cpabe_deserialize_master_key ((void**)rd[i].data,
1633 rd[i].data_size);
1634 GNUNET_SCHEDULER_add_now (&attr_collect_task, handle);
1635 return;
1636 }
1637 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1638 "No ABE master found!\n");
1639 GNUNET_SCHEDULER_add_now (&do_shutdown, NULL);
1640
1641}
1642
1643
1644/**
1645 * Checks an issue message
1646 *
1647 * @param cls client sending the message
1648 * @param im message of type `struct IssueMessage`
1649 * @return #GNUNET_OK if @a im is well-formed
1650 */
1651static int
1652check_issue_message(void *cls,
1653 const struct IssueMessage *im)
1654{
1655 uint16_t size;
1656
1657 size = ntohs (im->header.size);
1658 if (size <= sizeof (struct IssueMessage))
1659 {
1660 GNUNET_break (0);
1661 return GNUNET_SYSERR;
1662 }
1663 scopes = (char *) &im[1];
1664 if ('\0' != scopes[size - sizeof (struct IssueMessage) - 1])
1665 {
1666 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1667 "Malformed scopes received!\n");
1668 GNUNET_break (0);
1669 return GNUNET_SYSERR;
1670 }
1671 return GNUNET_OK;
1672}
1673
1674
1675/**
1676 *
1677 * Handler for issue message
1678 *
1679 * @param cls unused
1680 * @param client who sent the message
1681 * @param message the message
1682 */
1683static void
1684handle_issue_message (void *cls,
1685 const struct IssueMessage *im)
1686{
1687 const char *scopes;
1688 char *scopes_tmp;
1689 char *scope;
1690 uint64_t rnd_key;
1691 struct GNUNET_HashCode key;
1692 struct IssueHandle *issue_handle;
1693 struct IdpClient *idp = cls;
1694
1695 scopes = (const char *) &im[1];
1696 //v_attrs = (const char *) &im[1] + ntohl(im->scope_len);
1697 issue_handle = GNUNET_malloc (sizeof (struct IssueHandle));
1698 issue_handle->attr_map = GNUNET_CONTAINER_multihashmap_create (5,
1699 GNUNET_NO);
1700 scopes_tmp = GNUNET_strdup (scopes);
1701
1702 for (scope = strtok (scopes_tmp, ","); NULL != scope; scope = strtok (NULL, ","))
1703 {
1704 GNUNET_CRYPTO_hash (scope,
1705 strlen (scope),
1706 &key);
1707 GNUNET_CONTAINER_multihashmap_put (issue_handle->attr_map,
1708 &key,
1709 scope,
1710 GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE);
1711 }
1712 GNUNET_free (scopes_tmp);
1713 /*scopes_tmp = GNUNET_strdup (v_attrs);
1714
1715 for (scope = strtok (scopes_tmp, ","); NULL != scope; scope = strtok (NULL, ","))
1716 {
1717 vattr_entry = GNUNET_new (struct VerifiedAttributeEntry);
1718 vattr_entry->name = GNUNET_strdup (scope);
1719 GNUNET_CONTAINER_DLL_insert (issue_handle->v_attr_head,
1720 issue_handle->v_attr_tail,
1721 vattr_entry);
1722 }
1723 GNUNET_free (scopes_tmp);*/
1724
1725
1726
1727 issue_handle->r_id = im->id;
1728 issue_handle->aud_key = im->aud_key;
1729 issue_handle->iss_key = im->iss_key;
1730 GNUNET_CRYPTO_ecdsa_key_get_public (&im->iss_key,
1731 &issue_handle->iss_pkey);
1732 issue_handle->expiration = GNUNET_TIME_absolute_ntoh (im->expiration);
1733 issue_handle->nonce = ntohl (im->nonce);
1734 GNUNET_SERVICE_client_continue (idp->client);
1735 issue_handle->client = idp;
1736 issue_handle->scopes = GNUNET_strdup (scopes);
1737 issue_handle->token = token_create (&issue_handle->iss_pkey,
1738 &issue_handle->aud_key);
1739 rnd_key =
1740 GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_STRONG,
1741 UINT64_MAX);
1742 GNUNET_STRINGS_base64_encode ((char*)&rnd_key,
1743 sizeof (uint64_t),
1744 &issue_handle->label);
1745 issue_handle->ns_qe = GNUNET_NAMESTORE_records_lookup (ns_handle,
1746 &issue_handle->iss_key,
1747 "+",
1748 &abe_key_lookup_error,
1749 issue_handle,
1750 &abe_key_lookup_result,
1751 issue_handle);
1752}
1753
1754static void 703static void
1755cleanup_ticket_issue_handle (struct TicketIssueHandle *handle) 704cleanup_ticket_issue_handle (struct TicketIssueHandle *handle)
1756{ 705{
@@ -1765,11 +714,11 @@ cleanup_ticket_issue_handle (struct TicketIssueHandle *handle)
1765static void 714static void
1766send_ticket_result (struct IdpClient *client, 715send_ticket_result (struct IdpClient *client,
1767 uint32_t r_id, 716 uint32_t r_id,
1768 const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket) 717 const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket)
1769{ 718{
1770 struct TicketResultMessage *irm; 719 struct TicketResultMessage *irm;
1771 struct GNUNET_MQ_Envelope *env; 720 struct GNUNET_MQ_Envelope *env;
1772 struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket_buf; 721 struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket_buf;
1773 722
1774 /* store ticket in DB */ 723 /* store ticket in DB */
1775 if (GNUNET_OK != TKT_database->store_ticket (TKT_database->cls, 724 if (GNUNET_OK != TKT_database->store_ticket (TKT_database->cls,
@@ -1781,9 +730,9 @@ send_ticket_result (struct IdpClient *client,
1781 } 730 }
1782 731
1783 env = GNUNET_MQ_msg_extra (irm, 732 env = GNUNET_MQ_msg_extra (irm,
1784 sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket2), 733 sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket),
1785 GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT); 734 GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT);
1786 ticket_buf = (struct GNUNET_IDENTITY_PROVIDER_Ticket2 *)&irm[1]; 735 ticket_buf = (struct GNUNET_IDENTITY_PROVIDER_Ticket *)&irm[1];
1787 *ticket_buf = *ticket; 736 *ticket_buf = *ticket;
1788 irm->id = htonl (r_id); 737 irm->id = htonl (r_id);
1789 GNUNET_MQ_send (client->mq, 738 GNUNET_MQ_send (client->mq,
@@ -2043,7 +992,7 @@ process_parallel_lookup2 (void *cls, uint32_t rd_count,
2043{ 992{
2044 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 993 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2045 "Parallel lookup finished (count=%u)\n", rd_count); 994 "Parallel lookup finished (count=%u)\n", rd_count);
2046 struct ParallelLookup2 *parallel_lookup = cls; 995 struct ParallelLookup *parallel_lookup = cls;
2047 struct ConsumeTicketHandle *handle = parallel_lookup->handle; 996 struct ConsumeTicketHandle *handle = parallel_lookup->handle;
2048 struct ConsumeTicketResultMessage *crm; 997 struct ConsumeTicketResultMessage *crm;
2049 struct GNUNET_MQ_Envelope *env; 998 struct GNUNET_MQ_Envelope *env;
@@ -2105,8 +1054,8 @@ void
2105abort_parallel_lookups2 (void *cls) 1054abort_parallel_lookups2 (void *cls)
2106{ 1055{
2107 struct ConsumeTicketHandle *handle = cls; 1056 struct ConsumeTicketHandle *handle = cls;
2108 struct ParallelLookup2 *lu; 1057 struct ParallelLookup *lu;
2109 struct ParallelLookup2 *tmp; 1058 struct ParallelLookup *tmp;
2110 struct AttributeResultMessage *arm; 1059 struct AttributeResultMessage *arm;
2111 struct GNUNET_MQ_Envelope *env; 1060 struct GNUNET_MQ_Envelope *env;
2112 1061
@@ -2147,7 +1096,7 @@ process_consume_abe_key (void *cls, uint32_t rd_count,
2147 struct GNUNET_CRYPTO_SymmetricSessionKey enc_key; 1096 struct GNUNET_CRYPTO_SymmetricSessionKey enc_key;
2148 struct GNUNET_CRYPTO_SymmetricInitializationVector enc_iv; 1097 struct GNUNET_CRYPTO_SymmetricInitializationVector enc_iv;
2149 struct GNUNET_CRYPTO_EcdhePublicKey *ecdh_key; 1098 struct GNUNET_CRYPTO_EcdhePublicKey *ecdh_key;
2150 struct ParallelLookup2 *parallel_lookup; 1099 struct ParallelLookup *parallel_lookup;
2151 size_t size; 1100 size_t size;
2152 char *buf; 1101 char *buf;
2153 char *scope; 1102 char *scope;
@@ -2201,7 +1150,7 @@ process_consume_abe_key (void *cls, uint32_t rd_count,
2201 scope); 1150 scope);
2202 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 1151 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
2203 "Looking up %s\n", lookup_query); 1152 "Looking up %s\n", lookup_query);
2204 parallel_lookup = GNUNET_new (struct ParallelLookup2); 1153 parallel_lookup = GNUNET_new (struct ParallelLookup);
2205 parallel_lookup->handle = handle; 1154 parallel_lookup->handle = handle;
2206 parallel_lookup->label = GNUNET_strdup (scope); 1155 parallel_lookup->label = GNUNET_strdup (scope);
2207 parallel_lookup->lookup_request 1156 parallel_lookup->lookup_request
@@ -2247,7 +1196,7 @@ handle_consume_ticket_message (void *cls,
2247 ch->attrs = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeList); 1196 ch->attrs = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeList);
2248 GNUNET_CRYPTO_ecdsa_key_get_public (&ch->identity, 1197 GNUNET_CRYPTO_ecdsa_key_get_public (&ch->identity,
2249 &ch->identity_pub); 1198 &ch->identity_pub);
2250 ch->ticket = *((struct GNUNET_IDENTITY_PROVIDER_Ticket2*)&cm[1]); 1199 ch->ticket = *((struct GNUNET_IDENTITY_PROVIDER_Ticket*)&cm[1]);
2251 rnd_label = GNUNET_STRINGS_data_to_string_alloc (&ch->ticket.rnd, 1200 rnd_label = GNUNET_STRINGS_data_to_string_alloc (&ch->ticket.rnd,
2252 sizeof (uint64_t)); 1201 sizeof (uint64_t));
2253 GNUNET_asprintf (&lookup_query, 1202 GNUNET_asprintf (&lookup_query,
@@ -2660,7 +1609,7 @@ struct TicketIterationProcResult
2660 */ 1609 */
2661static void 1610static void
2662ticket_iterate_proc (void *cls, 1611ticket_iterate_proc (void *cls,
2663 const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket) 1612 const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket)
2664{ 1613{
2665 struct TicketIterationProcResult *proc = cls; 1614 struct TicketIterationProcResult *proc = cls;
2666 1615
@@ -2973,14 +1922,6 @@ GNUNET_SERVICE_MAIN
2973 &client_connect_cb, 1922 &client_connect_cb,
2974 &client_disconnect_cb, 1923 &client_disconnect_cb,
2975 NULL, 1924 NULL,
2976 GNUNET_MQ_hd_var_size (issue_message,
2977 GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ISSUE,
2978 struct IssueMessage,
2979 NULL),
2980 GNUNET_MQ_hd_var_size (exchange_message,
2981 GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_EXCHANGE,
2982 struct ExchangeMessage,
2983 NULL),
2984 GNUNET_MQ_hd_var_size (attribute_store_message, 1925 GNUNET_MQ_hd_var_size (attribute_store_message,
2985 GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE, 1926 GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE,
2986 struct AttributeStoreMessage, 1927 struct AttributeStoreMessage,
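--- a/src/identity-provider/identity_provider.h
+++ b/src/identity-provider/identity_provider.h
@@ -34,146 +34,6 @@
 GNUNET_NETWORK_STRUCT_BEGIN
 
 /**
- * The token
- */
-struct GNUNET_IDENTITY_PROVIDER_Token
-{
- /**
- * The JWT representation of the identity token
- */
- char *data;
-};
-
-/**
- * The ticket DEPRECATED
- */
-struct GNUNET_IDENTITY_PROVIDER_Ticket
-{
- /**
- * The Base64 representation of the ticket
- */
- char *data;
-};
-
-/**
- * Answer from service to client after issue operation
- */
-struct IssueResultMessage
-{
- /**
- * Type: #GNUNET_MESSAGE_TYPE_IDENTITY_RESULT_CODE
- */
- struct GNUNET_MessageHeader header;
-
- /**
- * Unique identifier for this request (for key collisions).
- */
- uint32_t id GNUNET_PACKED;
-
- /* followed by 0-terminated label,ticket,token */
-
-};
-
-
-/**
- * Ticket exchange message.
- */
-struct ExchangeResultMessage
-{
- /**
- * Type: #GNUNET_MESSAGE_TYPE_IDENTITY_UPDATE
- */
- struct GNUNET_MessageHeader header;
-
- /**
- * Unique identifier for this request (for key collisions).
- */
- uint32_t id GNUNET_PACKED;
-
- /**
- * Nonce found in ticket. NBO
- * 0 on error.
- */
- uint64_t ticket_nonce GNUNET_PACKED;
-
- /* followed by 0-terminated token */
-
-};
-
-
-
-/**
- * Client requests IdP to issue token.
- */
-struct IssueMessage
-{
- /**
- * Type: #GNUNET_MESSAGE_TYPE_IDENTITY_GET_DEFAULT
- */
- struct GNUNET_MessageHeader header;
-
- /**
- * Unique identifier for this request (for key collisions).
- */
- uint32_t id GNUNET_PACKED;
-
-
- /**
- * Issuer identity private key
- */
- struct GNUNET_CRYPTO_EcdsaPrivateKey iss_key;
-
- /**
- * Audience public key
- */
- struct GNUNET_CRYPTO_EcdsaPublicKey aud_key;
-
- /**
- * Nonce
- */
- uint64_t nonce;
-
- /**
- * Length of scopes
- */
- uint64_t scope_len;
-
- /**
- * Expiration of token in NBO.
- */
- struct GNUNET_TIME_AbsoluteNBO expiration;
-
-
- /* followed by 0-terminated comma-separated scope list */
-
-};
-
-
-/**
- * Use to exchange a ticket for a token
- */
-struct ExchangeMessage
-{
- /**
- * Type: #GNUNET_MESSAGE_TYPE_IDENTITY_SET_DEFAULT
- */
- struct GNUNET_MessageHeader header;
-
- /**
- * Unique identifier for this request (for key collisions).
- */
- uint32_t id GNUNET_PACKED;
-
- /**
- * Audience identity private key
- */
- struct GNUNET_CRYPTO_EcdsaPrivateKey aud_privkey;
-
- /* followed by 0-terminated ticket string */
-
-};
-
-/**
  * Use to store an identity attribute
  */
 struct AttributeStoreMessage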
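--- a/src/identity-provider/identity_provider_api.c
+++ b/src/identity-provider/identity_provider_api.c
@@ -64,18 +64,6 @@ struct GNUNET_IDENTITY_PROVIDER_Operation
  const struct GNUNET_MessageHeader *msg;
 
  /**
- * Continuation to invoke with the result of the transmission; @e cb
- * will be NULL in this case.
- */
- GNUNET_IDENTITY_PROVIDER_ExchangeCallback ex_cb;
-
- /**
- * Continuation to invoke with the result of the transmission for
- * 'issue' operations (@e cont will be NULL in this case).
- */
- GNUNET_IDENTITY_PROVIDER_IssueCallback iss_cb;
-
- /**
  * Continuation to invoke after attribute store call
  */
  GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus as_cb;
@@ -404,151 +392,6 @@ mq_error_handler (void *cls,
 }
 
 /**
- * Check validity of message received from the service
- *
- * @param cls the `struct GNUNET_IDENTITY_PROVIDER_Handle *`
- * @param result_msg the incoming message
- */
-static int
-check_exchange_result (void *cls,
- const struct ExchangeResultMessage *erm)
-{
- char *str;
- size_t size = ntohs (erm->header.size);
-
-
- str = (char *) &erm[0];
- if ( (size > sizeof (struct ExchangeResultMessage)) &&
- ('\0' != str[size - 1]) )
- {
- GNUNET_break (0);
- return GNUNET_SYSERR;
- }
- return GNUNET_OK;
-}
-
-
-/**
- * Check validity of message received from the service
- *
- * @param cls the `struct GNUNET_IDENTITY_PROVIDER_Handle *`
- * @param result_msg the incoming message
- */
-static int
-check_result (void *cls,
- const struct IssueResultMessage *irm)
-{
- char *str;
- size_t size = ntohs (irm->header.size);
- str = (char*) &irm[0];
- if ( (size > sizeof (struct IssueResultMessage)) &&
- ('\0' != str[size - 1]) )
- {
- GNUNET_break (0);
- return GNUNET_SYSERR;
- }
- return GNUNET_OK;
-}
-
-/**
- * Handler for messages received from the GNS service
- *
- * @param cls the `struct GNUNET_GNS_Handle *`
- * @param loookup_msg the incoming message
- */
-static void
-handle_exchange_result (void *cls,
- const struct ExchangeResultMessage *erm)
-{
- struct GNUNET_IDENTITY_PROVIDER_Handle *handle = cls;
- struct GNUNET_IDENTITY_PROVIDER_Operation *op;
- struct GNUNET_IDENTITY_PROVIDER_Token token;
- uint64_t ticket_nonce;
- uint32_t r_id = ntohl (erm->id);
- char *str;
-
- for (op = handle->op_head; NULL != op; op = op->next)
- if (op->r_id == r_id)
- break;
- if (NULL == op)
- return;
- str = GNUNET_strdup ((char*)&erm[1]);
- op = handle->op_head;
- GNUNET_CONTAINER_DLL_remove (handle->op_head,
- handle->op_tail,
- op);
- token.data = str;
- ticket_nonce = ntohl (erm->ticket_nonce);
- if (NULL != op->ex_cb)
- op->ex_cb (op->cls, &token, ticket_nonce);
- GNUNET_free (str);
- GNUNET_free (op);
-
-}
-
-/**
- * Handler for messages received from the GNS service
- *
- * @param cls the `struct GNUNET_GNS_Handle *`
- * @param loookup_msg the incoming message
- */
-static void
-handle_result (void *cls,
- const struct IssueResultMessage *irm)
-{
- struct GNUNET_IDENTITY_PROVIDER_Handle *handle = cls;
- struct GNUNET_IDENTITY_PROVIDER_Operation *op;
- struct GNUNET_IDENTITY_PROVIDER_Token token;
- struct GNUNET_IDENTITY_PROVIDER_Ticket ticket;
- uint32_t r_id = ntohl (irm->id);
- char *str;
- char *label_str;
- char *ticket_str;
- char *token_str;
-
- for (op = handle->op_head; NULL != op; op = op->next)
- if (op->r_id == r_id)
- break;
- if (NULL == op)
- return;
- str = GNUNET_strdup ((char*)&irm[1]);
- label_str = strtok (str, ",");
-
- if (NULL == label_str)
- {
- GNUNET_free (str);
- GNUNET_break (0);
- return;
- }
- ticket_str = strtok (NULL, ",");
- if (NULL == ticket_str)
- {
- GNUNET_free (str);
- GNUNET_break (0);
- return;
- }
- token_str = strtok (NULL, ",");
- if (NULL == token_str)
- {
- GNUNET_free (str);
- GNUNET_break (0);
- return;
- }
- GNUNET_CONTAINER_DLL_remove (handle->op_head,
- handle->op_tail,
- op);
- ticket.data = ticket_str;
- token.data = token_str;
- if (NULL != op->iss_cb)
- op->iss_cb (op->cls, label_str, &ticket, &token);
- GNUNET_free (str);
- GNUNET_free (op);
-
-}
-
-
-
-/**
  * Handle an incoming message of type
  * #GNUNET_MESSAGE_TYPE_NAMESTORE_RECORD_STORE_RESPONSE
  *
@@ -824,7 +667,7 @@ handle_ticket_result (void *cls,
  struct GNUNET_IDENTITY_PROVIDER_Handle *handle = cls;
  struct GNUNET_IDENTITY_PROVIDER_Operation *op;
  struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it;
- const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket;
+ const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket;
  uint32_t r_id = ntohl (msg->id);
  size_t msg_len;
 
@@ -847,7 +690,7 @@ handle_ticket_result (void *cls,
  if (NULL != op->tr_cb)
  op->tr_cb (op->cls, NULL);
  } else {
- ticket = (struct GNUNET_IDENTITY_PROVIDER_Ticket2 *)&msg[1];
+ ticket = (struct GNUNET_IDENTITY_PROVIDER_Ticket *)&msg[1];
  if (NULL != op->tr_cb)
  op->tr_cb (op->cls, ticket);
  }
@@ -863,7 +706,7 @@ handle_ticket_result (void *cls,
  it->finish_cb (it->finish_cb_cls);
  } else {
 
- ticket = (struct GNUNET_IDENTITY_PROVIDER_Ticket2 *)&msg[1];
+ ticket = (struct GNUNET_IDENTITY_PROVIDER_Ticket *)&msg[1];
  if (NULL != it->tr_cb)
  it->tr_cb (it->cls, ticket);
  }
@@ -888,14 +731,6 @@ reconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h)
  GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE_RESPONSE,
  struct AttributeStoreResponseMessage,
  h),
- GNUNET_MQ_hd_var_size (result,
- GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ISSUE_RESULT,
- struct IssueResultMessage,
- h),
- GNUNET_MQ_hd_var_size (exchange_result,
- GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_EXCHANGE_RESULT,
- struct ExchangeResultMessage,
- h),
  GNUNET_MQ_hd_var_size (attribute_result,
  GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT,
  struct AttributeResultMessage,
@@ -953,117 +788,6 @@ GNUNET_IDENTITY_PROVIDER_connect (const struct GNUNET_CONFIGURATION_Handle *cfg)
 
 
 /**
- * Issue an identity token
- *
- * @param id identity service to query
- * @param service_name for which service is an identity wanted
- * @param cb function to call with the result (will only be called once)
- * @param cb_cls closure for @a cb
- * @return handle to abort the operation
- */
-struct GNUNET_IDENTITY_PROVIDER_Operation *
-GNUNET_IDENTITY_PROVIDER_issue_token (struct GNUNET_IDENTITY_PROVIDER_Handle *id,
- const struct GNUNET_CRYPTO_EcdsaPrivateKey *iss_key,
- const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
- const char* scopes,
- const char* vattr,
- struct GNUNET_TIME_Absolute expiration,
- uint64_t nonce,
- GNUNET_IDENTITY_PROVIDER_IssueCallback cb,
- void *cb_cls)
-{
- struct GNUNET_IDENTITY_PROVIDER_Operation *op;
- struct IssueMessage *im;
- size_t slen;
-
- slen = strlen (scopes) + 1;
- if (NULL != vattr)
- slen += strlen (vattr) + 1;
- if (slen >= GNUNET_MAX_MESSAGE_SIZE - sizeof (struct IssueMessage))
- {
- GNUNET_break (0);
- return NULL;
- }
- op = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_Operation);
- op->h = id;
- op->iss_cb = cb;
- op->cls = cb_cls;
- op->r_id = id->r_id_gen++;
- op->env = GNUNET_MQ_msg_extra (im,
- slen,
- GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ISSUE);
- im->id = op->r_id;
- im->iss_key = *iss_key;
- im->aud_key = *aud_key;
- im->scope_len = htonl (strlen(scopes)+1);
- im->nonce = htonl (nonce);
- im->expiration = GNUNET_TIME_absolute_hton (expiration);
- GNUNET_memcpy (&im[1], scopes, strlen(scopes));
- if (NULL != vattr)
- GNUNET_memcpy ((char*)&im[1]+strlen(scopes)+1, vattr, strlen(vattr));
- GNUNET_CONTAINER_DLL_insert_tail (id->op_head,
- id->op_tail,
- op);
- if (NULL != id->mq)
- GNUNET_MQ_send_copy (id->mq,
- op->env);
- return op;
-}
-
-
-/**
- * Exchange a token ticket for a token
- *
- * @param id identity provider service
- * @param ticket ticket to exchange
- * @param cont function to call once the operation finished
- * @param cont_cls closure for @a cont
- * @return handle to abort the operation
- */
-struct GNUNET_IDENTITY_PROVIDER_Operation *
-GNUNET_IDENTITY_PROVIDER_exchange_ticket (struct GNUNET_IDENTITY_PROVIDER_Handle *id,
- const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
- const struct GNUNET_CRYPTO_EcdsaPrivateKey *aud_privkey,
- GNUNET_IDENTITY_PROVIDER_ExchangeCallback cont,
- void *cont_cls)
-{
- struct GNUNET_IDENTITY_PROVIDER_Operation *op;
- struct ExchangeMessage *em;
- size_t slen;
- char *ticket_str;
-
- ticket_str = GNUNET_IDENTITY_PROVIDER_ticket_to_string (ticket);
-
- slen = strlen (ticket_str) + 1;
- if (slen >= GNUNET_MAX_MESSAGE_SIZE - sizeof (struct ExchangeMessage))
- {
- GNUNET_free (ticket_str);
- GNUNET_break (0);
- return NULL;
- }
- op = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_Operation);
- op->h = id;
- op->ex_cb = cont;
- op->cls = cont_cls;
- op->r_id = id->r_id_gen++;
- op->env = GNUNET_MQ_msg_extra (em,
- slen,
- GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_EXCHANGE);
- em->aud_privkey = *aud_privkey;
- em->id = htonl (op->r_id);
- GNUNET_memcpy (&em[1], ticket_str, slen);
- GNUNET_free (ticket_str);
- GNUNET_CONTAINER_DLL_insert_tail (id->op_head,
- id->op_tail,
- op);
- if (NULL != id->mq)
- GNUNET_MQ_send_copy (id->mq,
- op->env);
- return op;
-}
-
-
-/**
  * Cancel an operation. Note that the operation MAY still
  * be executed; this merely cancels the continuation; if the request
  * was already transmitted, the service may still choose to complete
@@ -1108,80 +832,6 @@ GNUNET_IDENTITY_PROVIDER_disconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h)
 }
 
 /**
- * Convenience API
- */
-
-
-/**
- * Destroy token
- *
- * @param token the token
- */
-void
-GNUNET_IDENTITY_PROVIDER_token_destroy(struct GNUNET_IDENTITY_PROVIDER_Token *token)
-{
- GNUNET_assert (NULL != token);
- if (NULL != token->data)
- GNUNET_free (token->data);
- GNUNET_free (token);
-}
-
-/**
- * Returns string representation of token. A JSON-Web-Token.
- *
- * @param token the token
- * @return The JWT (must be freed)
- */
-char *
-GNUNET_IDENTITY_PROVIDER_token_to_string (const struct GNUNET_IDENTITY_PROVIDER_Token *token)
-{
- return GNUNET_strdup (token->data);
-}
-
-/**
- * Returns string representation of ticket. Base64-Encoded
- *
- * @param ticket the ticket
- * @return the Base64-Encoded ticket
- */
-char *
-GNUNET_IDENTITY_PROVIDER_ticket_to_string (const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket)
-{
- return GNUNET_strdup (ticket->data);
-}
-
-/**
- * Created a ticket from a string (Base64 encoded ticket)
- *
- * @param input Base64 encoded ticket
- * @param ticket pointer where the ticket is stored
- * @return GNUNET_OK
- */
-int
-GNUNET_IDENTITY_PROVIDER_string_to_ticket (const char* input,
- struct GNUNET_IDENTITY_PROVIDER_Ticket **ticket)
-{
- *ticket = GNUNET_malloc (sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket));
- (*ticket)->data = GNUNET_strdup (input);
- return GNUNET_OK;
-}
-
-
-/**
- * Destroys a ticket
- *
- * @param ticket the ticket to destroy
- */
-void
-GNUNET_IDENTITY_PROVIDER_ticket_destroy(struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket)
-{
- GNUNET_assert (NULL != ticket);
- if (NULL != ticket->data)
- GNUNET_free (ticket->data);
- GNUNET_free (ticket);
-}
-
-/**
  * Store an attribute. If the attribute is already present,
  * it is replaced with the new attribute.
  *
@@ -1428,7 +1078,7 @@ GNUNET_IDENTITY_PROVIDER_idp_ticket_issue (struct GNUNET_IDENTITY_PROVIDER_Handl
 struct GNUNET_IDENTITY_PROVIDER_Operation *
 GNUNET_IDENTITY_PROVIDER_rp_ticket_consume (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
  const struct GNUNET_CRYPTO_EcdsaPrivateKey * identity,
- const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket,
+ const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
  GNUNET_IDENTITY_PROVIDER_AttributeResult cb,
  void *cb_cls)
 {
@@ -1444,14 +1094,14 @@ GNUNET_IDENTITY_PROVIDER_rp_ticket_consume (struct GNUNET_IDENTITY_PROVIDER_Hand
  h->op_tail,
  op);
  op->env = GNUNET_MQ_msg_extra (ctm,
- sizeof (const struct GNUNET_IDENTITY_PROVIDER_Ticket2),
+ sizeof (const struct GNUNET_IDENTITY_PROVIDER_Ticket),
  GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET);
  ctm->identity = *identity;
  ctm->id = htonl (op->r_id);
 
  GNUNET_memcpy ((char*)&ctm[1],
  ticket,
- sizeof (const struct GNUNET_IDENTITY_PROVIDER_Ticket2));
+ sizeof (const struct GNUNET_IDENTITY_PROVIDER_Ticket));
 
  if (NULL != h->mq)
  GNUNET_MQ_send_copy (h->mq,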
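--- a/src/identity-provider/identity_token.c
+++ /dev/null
@@ -1,1006 +0,0 @@
-/*
- This file is part of GNUnet
- Copyright (C) 2010-2015 GNUnet e.V.
-
- GNUnet is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published
- by the Free Software Foundation; either version 3, or (at your
- option) any later version.
-
- GNUnet is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with GNUnet; see the file COPYING. If not, write to the
- Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
- Boston, MA 02110-1301, USA.
- */
-
-/**
- * @file identity-provider/identity_token.c
- * @brief helper library to manage identity tokens
- * @author Martin Schanzenbach
- */
-#include "platform.h"
-#include "gnunet_util_lib.h"
-#include "gnunet_signatures.h"
-#include "identity_token.h"
-#include <jansson.h>
-#include <inttypes.h>
-
-#define JWT_ALG "alg"
-
-#define JWT_ALG_VALUE "ED512"
-
-#define JWT_TYP "typ"
-
-#define JWT_TYP_VALUE "jwt"
-
-/**
- * Crypto helper functions
- */
-
-static int
-create_sym_key_from_ecdh(const struct GNUNET_HashCode *new_key_hash,
- struct GNUNET_CRYPTO_SymmetricSessionKey *skey,
- struct GNUNET_CRYPTO_SymmetricInitializationVector *iv)
-{
- struct GNUNET_CRYPTO_HashAsciiEncoded new_key_hash_str;
-
- GNUNET_CRYPTO_hash_to_enc (new_key_hash,
- &new_key_hash_str);
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Creating symmetric rsa key from %s\n", (char*)&new_key_hash_str);
- static const char ctx_key[] = "gnuid-aes-ctx-key";
- GNUNET_CRYPTO_kdf (skey, sizeof (struct GNUNET_CRYPTO_SymmetricSessionKey),
- new_key_hash, sizeof (struct GNUNET_HashCode),
- ctx_key, strlen (ctx_key),
- NULL, 0);
- static const char ctx_iv[] = "gnuid-aes-ctx-iv";
- GNUNET_CRYPTO_kdf (iv, sizeof (struct GNUNET_CRYPTO_SymmetricInitializationVector),
- new_key_hash, sizeof (struct GNUNET_HashCode),
- ctx_iv, strlen (ctx_iv),
- NULL, 0);
- return GNUNET_OK;
-}
-
-
-
-/**
- * Decrypts data part from a token code
- */
-static int
-decrypt_str_ecdhe (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
- const struct GNUNET_CRYPTO_EcdhePublicKey *ecdh_key,
- const char *cyphertext,
- size_t cyphertext_len,
- char **result_str)
-{
- struct GNUNET_HashCode new_key_hash;
- struct GNUNET_CRYPTO_SymmetricSessionKey enc_key;
- struct GNUNET_CRYPTO_SymmetricInitializationVector enc_iv;
-
- char *str_buf = GNUNET_malloc (cyphertext_len);
- size_t str_size;
-
- //Calculate symmetric key from ecdh parameters
- GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_ecdsa_ecdh (priv_key,
- ecdh_key,
- &new_key_hash));
-
- create_sym_key_from_ecdh (&new_key_hash,
- &enc_key,
- &enc_iv);
-
- str_size = GNUNET_CRYPTO_symmetric_decrypt (cyphertext,
- cyphertext_len,
- &enc_key,
- &enc_iv,
- str_buf);
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- "Decrypted bytes: %zd Expected bytes: %zd\n",
- str_size,
- cyphertext_len);
- if (-1 == str_size)
- {
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "ECDH invalid\n");
- GNUNET_free (str_buf);
- return GNUNET_SYSERR;
- }
- *result_str = GNUNET_malloc (str_size+1);
- GNUNET_memcpy (*result_str, str_buf, str_size);
- (*result_str)[str_size] = '\0';
- GNUNET_free (str_buf);
- return GNUNET_OK;
-
-}
-
-/**
- * Decrypt string using pubkey and ECDHE
-*/
-static int
-decrypt_str_ecdhe2 (const struct GNUNET_CRYPTO_EcdhePrivateKey *ecdh_privkey,
- const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
- const char *ciphertext,
- size_t ciphertext_len,
- char **plaintext)
-{
- struct GNUNET_CRYPTO_SymmetricSessionKey skey;
- struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
- struct GNUNET_HashCode new_key_hash;
-
- //This is true see documentation for GNUNET_CRYPTO_symmetric_encrypt
- *plaintext = GNUNET_malloc (ciphertext_len);
-
- // Derived key K = H(eB)
- GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_ecdh_ecdsa (ecdh_privkey,
- aud_key,
- &new_key_hash));
- create_sym_key_from_ecdh(&new_key_hash, &skey, &iv);
- GNUNET_CRYPTO_symmetric_decrypt (ciphertext,
- ciphertext_len,
- &skey, &iv,
- *plaintext);
- return GNUNET_OK;
-}
-
-
-/**
- * Encrypt string using pubkey and ECDHE
- * Returns ECDHE pubkey to be used for decryption
- */
-static int
-encrypt_str_ecdhe (const char *plaintext,
- const struct GNUNET_CRYPTO_EcdsaPublicKey *pub_key,
- char **cyphertext,
- struct GNUNET_CRYPTO_EcdhePrivateKey **ecdh_privkey,
- struct GNUNET_CRYPTO_EcdhePublicKey *ecdh_pubkey)
-{
- struct GNUNET_CRYPTO_SymmetricSessionKey skey;
- struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
- struct GNUNET_HashCode new_key_hash;
- ssize_t enc_size;
-
- // ECDH keypair E = eG
- *ecdh_privkey = GNUNET_CRYPTO_ecdhe_key_create();
- GNUNET_CRYPTO_ecdhe_key_get_public (*ecdh_privkey,
- ecdh_pubkey);
-
- //This is true see documentation for GNUNET_CRYPTO_symmetric_encrypt
- *cyphertext = GNUNET_malloc (strlen (plaintext));
-
- // Derived key K = H(eB)
- GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_ecdh_ecdsa (*ecdh_privkey,
- pub_key,
- &new_key_hash));
- create_sym_key_from_ecdh(&new_key_hash, &skey, &iv);
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Encrypting string %s\n (len=%zd)",
- plaintext,
- strlen (plaintext));
- enc_size = GNUNET_CRYPTO_symmetric_encrypt (plaintext,
- strlen (plaintext),
- &skey, &iv,
- *cyphertext);
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Encrypted (len=%zd)", enc_size);
- return GNUNET_OK;
-}
-
-
-/**
- * Identity Token API
- */
-
-
-/**
- * Create an Identity Token
- *
- * @param type the JSON API resource type
- * @param id the JSON API resource id
- * @return a new JSON API resource or NULL on error.
- */
-struct IdentityToken*
-token_create (const struct GNUNET_CRYPTO_EcdsaPublicKey* iss,
- const struct GNUNET_CRYPTO_EcdsaPublicKey* aud)
-{
- struct IdentityToken *token;
- char* audience;
- char* issuer;
-
- issuer = GNUNET_STRINGS_data_to_string_alloc (iss,
- sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
- audience = GNUNET_STRINGS_data_to_string_alloc (aud,
- sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
-
- token = GNUNET_malloc (sizeof (struct IdentityToken));
- token_add_attr (token, "iss", issuer);
- token_add_attr (token, "aud", audience);
- token_add_attr (token, "sub", issuer);
- token->aud_key = *aud;
- GNUNET_free (issuer);
- GNUNET_free (audience);
- return token;
-}
-
-void
-token_destroy (struct IdentityToken *token)
-{
- struct TokenAttr *attr;
- struct TokenAttr *tmp_attr;
- struct TokenAttrValue *val;
- struct TokenAttrValue *tmp_val;
-
- for (attr = token->attr_head; NULL != attr;)
- {
- tmp_attr = attr->next;
- GNUNET_CONTAINER_DLL_remove (token->attr_head,
- token->attr_tail,
- attr);
- for (val = attr->val_head; NULL != val;)
- {
- tmp_val = val->next;
- GNUNET_CONTAINER_DLL_remove (attr->val_head,
- attr->val_tail,
- val);
- if (NULL != val->value)
- GNUNET_free (val->value);
- GNUNET_free (val);
- val = tmp_val;
- }
- GNUNET_free (attr->name);
- GNUNET_free (attr);
- attr = tmp_attr;
- }
-
-
- GNUNET_free (token);
-}
-
-void
-token_add_attr_json (struct IdentityToken *token,
- const char* key,
- json_t* value)
-{
- struct TokenAttr *attr;
- struct TokenAttrValue *new_val;
- GNUNET_assert (NULL != token);
-
- new_val = GNUNET_malloc (sizeof (struct TokenAttrValue));
- new_val->json_value = value;
- json_incref(value);
- for (attr = token->attr_head; NULL != attr; attr = attr->next)
- {
- if (0 == strcmp (key, attr->name))
- break;
- }
-
- if (NULL == attr)
- {
- attr = GNUNET_malloc (sizeof (struct TokenAttr));
- attr->name = GNUNET_strdup (key);
- GNUNET_CONTAINER_DLL_insert (token->attr_head,
- token->attr_tail,
- attr);
- }
-
- GNUNET_CONTAINER_DLL_insert (attr->val_head,
- attr->val_tail,
- new_val);
-}
-
-void
-token_add_attr (struct IdentityToken *token,
- const char* key,
- const char* value)
-{
- struct TokenAttr *attr;
- struct TokenAttrValue *new_val;
- GNUNET_assert (NULL != token);
-
- new_val = GNUNET_malloc (sizeof (struct TokenAttrValue));
- new_val->value = GNUNET_strdup (value);
- for (attr = token->attr_head; NULL != attr; attr = attr->next)
- {
- if (0 == strcmp (key, attr->name))
- break;
- }
-
- if (NULL == attr)
- {
- attr = GNUNET_malloc (sizeof (struct TokenAttr));
- attr->name = GNUNET_strdup (key);
- GNUNET_CONTAINER_DLL_insert (token->attr_head,
- token->attr_tail,
- attr);
- }
-
- GNUNET_CONTAINER_DLL_insert (attr->val_head,
- attr->val_tail,
- new_val);
-}
-
-void
-token_add_attr_int (struct IdentityToken *token,
- const char* key,
- uint64_t value)
-{
- struct TokenAttr *attr;
- struct TokenAttrValue *new_val;
- GNUNET_assert (NULL != token);
-
- new_val = GNUNET_malloc (sizeof (struct TokenAttrValue));
- new_val->int_value = value;
- for (attr = token->attr_head; NULL != attr; attr = attr->next)
- {
- if (0 == strcmp (key, attr->name))
- break;
- }
-
- if (NULL == attr)
- {
- attr = GNUNET_malloc (sizeof (struct TokenAttr));
- attr->name = GNUNET_strdup (key);
- GNUNET_CONTAINER_DLL_insert (token->attr_head,
- token->attr_tail,
- attr);
- }
-
- GNUNET_CONTAINER_DLL_insert (attr->val_head,
- attr->val_tail,
- new_val);
-}
-
-static void
-parse_json_payload(const char* payload_base64,
- struct IdentityToken *token)
-{
- const char *key;
- const json_t *value;
- const json_t *arr_value;
- char *payload;
- int idx;
- json_t *payload_json;
- json_error_t err_json;
-
- GNUNET_STRINGS_base64_decode (payload_base64,
- strlen (payload_base64),
- &payload);
- //TODO signature and aud key
- payload_json = json_loads (payload, JSON_DECODE_ANY, &err_json);
-
- json_object_foreach (payload_json, key, value)
- {
- if (json_is_array (value))
- {
- json_array_foreach (value, idx, arr_value)
- {
- if (json_is_integer (arr_value))
- token_add_attr_int (token, key,
- json_integer_value (arr_value));
- else if (json_is_string (arr_value))
- token_add_attr (token,
- key,
- json_string_value (arr_value));
- else
- token_add_attr_json (token,
- key,
- (json_t*)arr_value);
- }
- } else {
- if (json_is_integer (value))
- token_add_attr_int (token, key,
- json_integer_value (value));
- else if (json_is_string (value))
- token_add_attr (token, key, json_string_value (value));
- else
- token_add_attr_json (token, key, (json_t*)value);
- }
- }
-
- json_decref (payload_json);
- GNUNET_free (payload);
-}
-
-int
-token_parse2 (const char* raw_data,
- const struct GNUNET_CRYPTO_EcdhePrivateKey *priv_key,
- const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
- struct IdentityToken **result)
-{
- char *enc_token_str;
- char *tmp_buf;
- char *token_str;
- char *enc_token;
- char *payload_base64;
- size_t enc_token_len;
-
- GNUNET_asprintf (&tmp_buf, "%s", raw_data);
- strtok (tmp_buf, ",");
- enc_token_str = strtok (NULL, ",");
-
- enc_token_len = GNUNET_STRINGS_base64_decode (enc_token_str,
- strlen (enc_token_str),
- &enc_token);
- if (GNUNET_OK != decrypt_str_ecdhe2 (priv_key,
- aud_key,
- enc_token,
- enc_token_len,
- &token_str))
- {
- GNUNET_free (tmp_buf);
- GNUNET_free (enc_token);
- return GNUNET_SYSERR;
- }
-
- GNUNET_assert (NULL != strtok (token_str, "."));
- payload_base64 = strtok (NULL, ".");
-
- *result = GNUNET_malloc (sizeof (struct IdentityToken));
- parse_json_payload (payload_base64, *result);
-
- (*result)->aud_key = *aud_key;
- GNUNET_free (enc_token);
- GNUNET_free (token_str);
- GNUNET_free (tmp_buf);
- return GNUNET_OK;
-}
-
-int
-token_parse (const char* raw_data,
- const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
- struct IdentityToken **result)
-{
- char *ecdh_pubkey_str;
- char *enc_token_str;
- char *tmp_buf;
- char *token_str;
- char *enc_token;
- char *payload_base64;
- size_t enc_token_len;
- struct GNUNET_CRYPTO_EcdhePublicKey ecdh_pubkey;
-
- GNUNET_asprintf (&tmp_buf, "%s", raw_data);
- ecdh_pubkey_str = strtok (tmp_buf, ",");
- enc_token_str = strtok (NULL, ",");
-
- GNUNET_assert (NULL != ecdh_pubkey_str);
- GNUNET_assert (NULL != enc_token_str);
-
- GNUNET_STRINGS_string_to_data (ecdh_pubkey_str,
- strlen (ecdh_pubkey_str),
- &ecdh_pubkey,
- sizeof (struct GNUNET_CRYPTO_EcdhePublicKey));
- enc_token_len = GNUNET_STRINGS_base64_decode (enc_token_str,
- strlen (enc_token_str),
- &enc_token);
- if (GNUNET_OK != decrypt_str_ecdhe (priv_key,
- &ecdh_pubkey,
- enc_token,
- enc_token_len,
- &token_str))
- {
- GNUNET_free (tmp_buf);
- GNUNET_free (enc_token);
- return GNUNET_SYSERR;
- }
-
- GNUNET_assert (NULL != strtok (token_str, "."));
- payload_base64 = strtok (NULL, ".");
-
- *result = GNUNET_malloc (sizeof (struct IdentityToken));
- parse_json_payload (payload_base64, *result);
-
- GNUNET_free (enc_token);
- GNUNET_free (token_str);
- GNUNET_free (tmp_buf);
- return GNUNET_OK;
-}
-
-static char*
-create_json_payload (const struct IdentityToken *token)
-{
- struct TokenAttr *attr;
- struct TokenAttrValue *val;
- json_t *root;
- char *json_str;
-
- root = json_object();
- for (attr = token->attr_head; NULL != attr; attr = attr->next)
- {
- for (val = attr->val_head; NULL != val; val = val->next)
- {
- if (NULL != val->value)
- {
- json_object_set_new (root,
- attr->name,
- json_string (val->value));
- } else if (NULL != val->json_value) {
- json_object_set (root,
- attr->name,
- val->json_value);
- }else {
- json_object_set_new (root,
- attr->name,
- json_integer (val->int_value));
- }
- }
- }
- json_str = json_dumps (root, JSON_INDENT(1));
- json_decref (root);
- return json_str;
-}
-
-static char*
-create_json_header(void)
-{
- json_t *root;
- char *json_str;
-
- root = json_object ();
- json_object_set_new (root, JWT_ALG, json_string (JWT_ALG_VALUE));
- json_object_set_new (root, JWT_TYP, json_string (JWT_TYP_VALUE));
-
- json_str = json_dumps (root, JSON_INDENT(1));
- json_decref (root);
- return json_str;
-}
-
-int
-token_to_string (const struct IdentityToken *token,
- const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
- char **result)
-{
- char *payload_str;
- char *header_str;
- char *payload_base64;
- char *header_base64;
- char *padding;
- char *signature_target;
- char *signature_str;
- struct GNUNET_CRYPTO_EccSignaturePurpose *purpose;
- header_str = create_json_header();
- GNUNET_STRINGS_base64_encode (header_str,
- strlen (header_str),
- &header_base64);
- //Remove GNUNET padding of base64
- padding = strtok(header_base64, "=");
- while (NULL != padding)
- padding = strtok(NULL, "=");
-
- payload_str = create_json_payload (token);
- GNUNET_STRINGS_base64_encode (payload_str,
- strlen (payload_str),
- &payload_base64);
-
- //Remove GNUNET padding of base64
- padding = strtok(payload_base64, "=");
- while (NULL != padding)
- padding = strtok(NULL, "=");
-
- GNUNET_asprintf (&signature_target, "%s,%s", header_base64, payload_base64);
- purpose =
- GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
- strlen (signature_target));
- purpose->size =
- htonl (strlen (signature_target) + sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose));
- purpose->purpose = htonl(GNUNET_SIGNATURE_PURPOSE_GNUID_TOKEN);
- GNUNET_memcpy (&purpose[1], signature_target, strlen (signature_target));
- if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_sign (priv_key,
- purpose,
- (struct GNUNET_CRYPTO_EcdsaSignature *)&token->signature))
- {
- GNUNET_free (signature_target);
- GNUNET_free (payload_str);
- GNUNET_free (payload_base64);
- GNUNET_free (header_base64);
- GNUNET_free (purpose);
- return GNUNET_SYSERR;
- }
-
- GNUNET_STRINGS_base64_encode ((const char*)&token->signature,
- sizeof (struct GNUNET_CRYPTO_EcdsaSignature),
- &signature_str);
- GNUNET_asprintf (result, "%s.%s.%s",
- header_base64, payload_base64, signature_str);
- GNUNET_free (signature_target);
- GNUNET_free (payload_str);
- GNUNET_free (header_str);
- GNUNET_free (signature_str);
- GNUNET_free (payload_base64);
- GNUNET_free (header_base64);
- GNUNET_free (purpose);
- return GNUNET_OK;
-}
-
-int
-token_serialize (const struct IdentityToken *token,
- const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
- struct GNUNET_CRYPTO_EcdhePrivateKey **ecdh_privkey,
- char **result)
-{
- char *token_str;
- char *enc_token;
- char *dh_key_str;
- char *enc_token_base64;
- struct GNUNET_CRYPTO_EcdhePublicKey ecdh_pubkey;
-
- GNUNET_assert (GNUNET_OK == token_to_string (token,
- priv_key,
- &token_str));
-
- GNUNET_assert (GNUNET_OK == encrypt_str_ecdhe (token_str,
- &token->aud_key,
- &enc_token,
- ecdh_privkey,
- &ecdh_pubkey));
- GNUNET_STRINGS_base64_encode (enc_token,
- strlen (token_str),
- &enc_token_base64);
- dh_key_str = GNUNET_STRINGS_data_to_string_alloc (&ecdh_pubkey,
- sizeof (struct GNUNET_CRYPTO_EcdhePublicKey));
- GNUNET_asprintf (result, "%s,%s", dh_key_str, enc_token_base64);
- GNUNET_free (dh_key_str);
- GNUNET_free (enc_token_base64);
- GNUNET_free (enc_token);
- GNUNET_free (token_str);
- return GNUNET_OK;
-}
-
-struct TokenTicketPayload*
-ticket_payload_create (uint64_t nonce,
- const struct GNUNET_CRYPTO_EcdsaPublicKey* identity_pkey,
- const char* lbl_str)
-{
- struct TokenTicketPayload* payload;
-
- payload = GNUNET_malloc (sizeof (struct TokenTicketPayload));
- payload->nonce = nonce;
- payload->identity_key = *identity_pkey;
- GNUNET_asprintf (&payload->label, lbl_str, strlen (lbl_str));
- return payload;
-}
-
-void
-ticket_payload_destroy (struct TokenTicketPayload* payload)
-{
- if (NULL != payload->label)
- GNUNET_free (payload->label);
- GNUNET_free (payload);
-}
-
-void
-ticket_payload_serialize (struct TokenTicketPayload *payload,
- char **result)
-{
- char* identity_key_str;
-
- identity_key_str = GNUNET_STRINGS_data_to_string_alloc (&payload->identity_key,
- sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
-
- GNUNET_asprintf (result,
- "{\"nonce\": \"%"SCNu64"\",\"identity\": \"%s\",\"label\": \"%s\"}",
- payload->nonce, identity_key_str, payload->label);
- GNUNET_free (identity_key_str);
-
-}
-
-
-/**
- * Create the token code
- * The data is encrypted with a share ECDH derived secret using B (aud_key)
- * and e (ecdh_privkey)
- * The ticket also contains E (ecdh_pubkey) and a signature over the
- * data and E
- */
-struct TokenTicket*
-ticket_create (uint64_t nonce,
- const struct GNUNET_CRYPTO_EcdsaPublicKey* identity_pkey,
- const char* lbl_str,
- const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key)
-{
- struct TokenTicket *ticket;
- struct TokenTicketPayload *code_payload;
-
- ticket = GNUNET_malloc (sizeof (struct TokenTicket));
- code_payload = ticket_payload_create (nonce,
- identity_pkey,
- lbl_str);
- ticket->aud_key = *aud_key;
- ticket->payload = code_payload;
-
-
- return ticket;
-}
-
-void
-ticket_destroy (struct TokenTicket *ticket)
-{
- ticket_payload_destroy (ticket->payload);
- GNUNET_free (ticket);
-}
-
-int
-ticket_serialize (struct TokenTicket *ticket,
- const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
- char **result)
-{
- char *code_payload_str;
- char *enc_ticket_payload;
- char *ticket_payload_str;
- char *ticket_sig_str;
- char *ticket_str;
- char *dh_key_str;
- char *write_ptr;
- struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey;
-
- struct GNUNET_CRYPTO_EccSignaturePurpose *purpose;
-
- ticket_payload_serialize (ticket->payload,
- &code_payload_str);
-
- GNUNET_assert (GNUNET_OK == encrypt_str_ecdhe (code_payload_str,
- &ticket->aud_key,
- &enc_ticket_payload,
- &ecdhe_privkey,
- &ticket->ecdh_pubkey));
-
- GNUNET_free (ecdhe_privkey);
-
- purpose =
- GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
- sizeof (struct GNUNET_CRYPTO_EcdhePublicKey) + //E
- strlen (code_payload_str)); // E_K (code_str)
- purpose->size =
- htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
- sizeof (struct GNUNET_CRYPTO_EcdhePublicKey) +
- strlen (code_payload_str));
- purpose->purpose = htonl(GNUNET_SIGNATURE_PURPOSE_GNUID_TICKET);
- write_ptr = (char*) &purpose[1];
- GNUNET_memcpy (write_ptr,
- &ticket->ecdh_pubkey,
- sizeof (struct GNUNET_CRYPTO_EcdhePublicKey));
- write_ptr += sizeof (struct GNUNET_CRYPTO_EcdhePublicKey);
- GNUNET_memcpy (write_ptr, enc_ticket_payload, strlen (code_payload_str));
- GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_ecdsa_sign (priv_key,
- purpose,
- &ticket->signature));
- GNUNET_STRINGS_base64_encode (enc_ticket_payload,
- strlen (code_payload_str),
- &ticket_payload_str);
- ticket_sig_str = GNUNET_STRINGS_data_to_string_alloc (&ticket->signature,
- sizeof (struct GNUNET_CRYPTO_EcdsaSignature));
-
- dh_key_str = GNUNET_STRINGS_data_to_string_alloc (&ticket->ecdh_pubkey,
- sizeof (struct GNUNET_CRYPTO_EcdhePublicKey));
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Using ECDH pubkey %s to encrypt\n", dh_key_str);
- GNUNET_asprintf (&ticket_str, "{\"data\": \"%s\", \"ecdh\": \"%s\", \"signature\": \"%s\"}",
- ticket_payload_str, dh_key_str, ticket_sig_str);
- GNUNET_STRINGS_base64_encode (ticket_str, strlen (ticket_str), result);
- GNUNET_free (dh_key_str);
- GNUNET_free (purpose);
- GNUNET_free (ticket_str);
- GNUNET_free (ticket_sig_str);
- GNUNET_free (code_payload_str);
- GNUNET_free (enc_ticket_payload);
- GNUNET_free (ticket_payload_str);
- return GNUNET_OK;
-}
-
-int
-ticket_payload_parse(const char *raw_data,
- ssize_t data_len,
- const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
- const struct GNUNET_CRYPTO_EcdhePublicKey *ecdhe_pkey,
- struct TokenTicketPayload **result)
-{
- const char* label_str;
- const char* nonce_str;
- const char* identity_key_str;
-
- json_t *root;
- json_t *label_json;
- json_t *identity_json;
- json_t *nonce_json;
- json_error_t err_json;
- char* data_str;
- uint64_t nonce;
- struct GNUNET_CRYPTO_EcdsaPublicKey id_pkey;
-
- if (GNUNET_OK != decrypt_str_ecdhe (priv_key,
- ecdhe_pkey,
- raw_data,
- data_len,
- &data_str))
- {
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Data decryption failed\n");
- return GNUNET_SYSERR;
- }
-
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Data: %s\n", data_str);
- root = json_loads (data_str, JSON_DECODE_ANY, &err_json);
- if (!root)
- {
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Error parsing data: %s\n", err_json.text);
- GNUNET_free (data_str);
- return GNUNET_SYSERR;
- }
-
- identity_json = json_object_get (root, "identity");
- if (!json_is_string (identity_json))
- {
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Error parsing data: %s\n", err_json.text);
- json_decref (root);
- GNUNET_free (data_str);
- return GNUNET_SYSERR;
- }
- identity_key_str = json_string_value (identity_json);
- GNUNET_STRINGS_string_to_data (identity_key_str,
- strlen (identity_key_str),
- &id_pkey,
- sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
-
-
- label_json = json_object_get (root, "label");
- if (!json_is_string (label_json))
- {
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Error parsing data: %s\n", err_json.text);
- json_decref (root);
- GNUNET_free (data_str);
- return GNUNET_SYSERR;
- }
-
- label_str = json_string_value (label_json);
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Found label: %s\n", label_str);
-
- nonce_json = json_object_get (root, "nonce");
- if (!json_is_string (label_json))
- {
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Error parsing data: %s\n", err_json.text);
- json_decref (root);
- GNUNET_free (data_str);
- return GNUNET_SYSERR;
- }
-
- nonce_str = json_string_value (nonce_json);
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Found nonce: %s\n", nonce_str);
-
- GNUNET_assert (0 != sscanf (nonce_str, "%"SCNu64, &nonce));
-
- *result = ticket_payload_create (nonce,
- (const struct GNUNET_CRYPTO_EcdsaPublicKey*)&id_pkey,
- label_str);
- GNUNET_free (data_str);
- json_decref (root);
- return GNUNET_OK;
-
-}
-
-int
-ticket_parse (const char *raw_data,
- const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
- struct TokenTicket **result)
-{
- const char* enc_data_str;
- const char* ecdh_enc_str;
- const char* signature_enc_str;
-
- json_t *root;
- json_t *signature_json;
- json_t *ecdh_json;
- json_t *enc_data_json;
- json_error_t err_json;
- char* enc_data;
- char* ticket_decoded;
- char* write_ptr;
- size_t enc_data_len;
- struct GNUNET_CRYPTO_EccSignaturePurpose *purpose;
- struct TokenTicket *ticket;
- struct TokenTicketPayload *ticket_payload;
-
- ticket_decoded = NULL;
- GNUNET_STRINGS_base64_decode (raw_data, strlen (raw_data), &ticket_decoded);
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Ticket: %s\n", ticket_decoded);
- root = json_loads (ticket_decoded, JSON_DECODE_ANY, &err_json);
- if (!root)
- {
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "%s\n", err_json.text);
- return GNUNET_SYSERR;
- }
-
- signature_json = json_object_get (root, "signature");
- ecdh_json = json_object_get (root, "ecdh");
- enc_data_json = json_object_get (root, "data");
-
- signature_enc_str = json_string_value (signature_json);
- ecdh_enc_str = json_string_value (ecdh_json);
- enc_data_str = json_string_value (enc_data_json);
-
- ticket = GNUNET_malloc (sizeof (struct TokenTicket));
-
- if (GNUNET_OK != GNUNET_STRINGS_string_to_data (ecdh_enc_str,
- strlen (ecdh_enc_str),
- &ticket->ecdh_pubkey,
- sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)))
- {
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "ECDH PKEY %s invalid in data\n", ecdh_enc_str);
- json_decref (root);
- GNUNET_free (ticket);
- return GNUNET_SYSERR;
- }
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Using ECDH pubkey %s for data decryption\n", ecdh_enc_str);
- if (GNUNET_OK != GNUNET_STRINGS_string_to_data (signature_enc_str,
- strlen (signature_enc_str),
- &ticket->signature,
- sizeof (struct GNUNET_CRYPTO_EcdsaSignature)))
- {
- json_decref (root);
- GNUNET_free (ticket_decoded);
- GNUNET_free (ticket);
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "ECDH signature invalid in data\n");
- return GNUNET_SYSERR;
- }
-
- enc_data_len = GNUNET_STRINGS_base64_decode (enc_data_str,
- strlen (enc_data_str),
- &enc_data);
-
-
- if (GNUNET_OK != ticket_payload_parse (enc_data,
- enc_data_len,
- priv_key,
- (const struct GNUNET_CRYPTO_EcdhePublicKey*)&ticket->ecdh_pubkey,
- &ticket_payload))
- {
- json_decref (root);
- GNUNET_free (enc_data);
- GNUNET_free (ticket_decoded);
- GNUNET_free (ticket);
- return GNUNET_SYSERR;
- }
-
- ticket->payload = ticket_payload;
- purpose =
- GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
- sizeof (struct GNUNET_CRYPTO_EcdhePublicKey) + //E
- enc_data_len); // E_K (code_str)
- purpose->size =
- htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
- sizeof (struct GNUNET_CRYPTO_EcdhePublicKey) +
- enc_data_len);
- purpose->purpose = htonl(GNUNET_SIGNATURE_PURPOSE_GNUID_TICKET);
- write_ptr = (char*) &purpose[1];
- GNUNET_memcpy (write_ptr, &ticket->ecdh_pubkey, sizeof (struct GNUNET_CRYPTO_EcdhePublicKey));
- write_ptr += sizeof (struct GNUNET_CRYPTO_EcdhePublicKey);
- GNUNET_memcpy (write_ptr, enc_data, enc_data_len);
-
- if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_GNUID_TICKET,
- purpose,
- &ticket->signature,
- &ticket_payload->identity_key))
- {
- ticket_destroy (ticket);
- GNUNET_free (ticket_decoded);
- json_decref (root);
- GNUNET_free (purpose);
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Error verifying signature for ticket\n");
- return GNUNET_SYSERR;
- }
- *result = ticket;
- GNUNET_free (purpose);
-
- GNUNET_free (enc_data);
- GNUNET_free (ticket_decoded);
- json_decref (root);
- return GNUNET_OK;
-
-}
-
-
-
-/* end of identity_token.c */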
diff --git a/src/identity-provider/identity_token.h b/src/identity-provider/identity_token.h
deleted file mode 100644
index 5988bc668..000000000
--- a/src/identity-provider/identity_token.h
+++ /dev/null
@@ -1,351 +0,0 @@
1/*
2 This file is part of GNUnet.
3 Copyright (C) 2012-2015 GNUnet e.V.
4
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
9
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
14
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
18 Boston, MA 02110-1301, USA.
19 */
20/**
21 * @author Martin Schanzenbach
22 * @file identity-provider/identity_token.h
23 * @brief GNUnet Identity Provider library
24 *
25 */
26#ifndef IDENTITY_TOKEN_H
27#define IDENTITY_TOKEN_H
28
29#include "gnunet_crypto_lib.h"
30#include <jansson.h>
31
32struct IdentityToken
33{
34 /**
35 * DLL
36 */
37 struct TokenAttr *attr_head;
38
39 /**
40 * DLL
41 */
42 struct TokenAttr *attr_tail;
43
44 /**
45 * Token Signature
46 */
47 struct GNUNET_CRYPTO_EcdsaSignature signature;
48
49 /**
50 * Audience Pubkey
51 */
52 struct GNUNET_CRYPTO_EcdsaPublicKey aud_key;
53};
54
55struct TokenAttr
56{
57 /**
58 * DLL
59 */
60 struct TokenAttr *next;
61
62 /**
63 * DLL
64 */
65 struct TokenAttr *prev;
66
67 /**
68 * Attribute name
69 */
70 char *name;
71
72 /**
73 * Attribute value DLL
74 */
75 struct TokenAttrValue *val_head;
76
77 /**
78 * Attribute value DLL
79 */
80 struct TokenAttrValue *val_tail;
81
82};
83
84struct TokenAttrValue
85{
86 /**
87 * DLL
88 */
89 struct TokenAttrValue *next;
90
91 /**
92 * DLL
93 */
94 struct TokenAttrValue *prev;
95
96 /**
97 * Attribute value
98 */
99 char *value;
100
101 /**
102 * Attribute int value
103 * used if NULL == value
104 */
105 uint64_t int_value;
106
107 /**
108 * Json value
109 */
110 json_t *json_value;
111};
112
113struct TokenTicketPayload
114{
115 /**
116 * Nonce
117 */
118 uint64_t nonce;
119
120 /**
121 * Label
122 */
123 char *label;
124
125 /**
126 * Issuing Identity
127 */
128 struct GNUNET_CRYPTO_EcdsaPublicKey identity_key;
129};
130
131
132struct TokenTicket
133{
134 /**
135 * Meta info
136 */
137 struct TokenTicketPayload *payload;
138
139 /**
140 * ECDH Pubkey
141 */
142 struct GNUNET_CRYPTO_EcdhePublicKey ecdh_pubkey;
143
144 /**
145 * Signature
146 */
147 struct GNUNET_CRYPTO_EcdsaSignature signature;
148
149 /**
150 * Target identity
151 */
152 struct GNUNET_CRYPTO_EcdsaPublicKey aud_key;
153};
154
155
156
157/**
158 * Create an identity token
159 *
160 * @param iss the issuer string for the token
161 * @param aud the audience of the token
162 *
163 * @return a new token
164 */
165struct IdentityToken*
166token_create (const struct GNUNET_CRYPTO_EcdsaPublicKey *iss,
167 const struct GNUNET_CRYPTO_EcdsaPublicKey* aud);
168
169/**
170 * Destroy an identity token
171 *
172 * @param token the token to destroy
173 */
174void
175token_destroy (struct IdentityToken*token);
176
177/**
178 * Add a new key value pair to the token
179 *
180 * @param token the token to modify
181 * @param key the key
182 * @param value the value
183 */
184void
185token_add_attr (struct IdentityToken *token,
186 const char* key,
187 const char* value);
188
189/**
190 * Add a new key value pair to the token
191 *
192 * @param token the token to modify
193 * @param key the key
194 * @param value the value
195 */
196void
197token_add_attr_int (struct IdentityToken *token,
198 const char* key,
199 uint64_t value);
200
201
202
203/**
204 * Add a value to a TokenAttribute
205 *
206 * @param attr the token attribute
207 * @param value value to add
208 */
209 void
210 token_attr_add_value (const struct TokenAttr *attr,
211 const char *value);
212
213/**
214 * Add a new key value pair to the token with the value as json
215 *
216 * @param the token to modify
217 * @param key the key
218 * @param value the value
219 *
220 */
221void
222token_add_attr_json (struct IdentityToken *token,
223 const char* key,
224 json_t* value);
225
226/**
227 * Serialize a token. The token will be signed and base64 according to the
228 * JWT format. The signature is base32-encoded ECDSA.
229 * The resulting JWT is encrypted using
230 * ECDHE for the audience and Base64
231 * encoded in result. The audience requires the ECDHE public key P
232 * to decrypt the token T. The key P is included in the result and prepended
233 * before the token
234 *
235 * @param token the token to serialize
236 * @param priv_key the private key used to sign the token
237 * @param ecdhe_privkey the ECDHE private key used to encrypt the token
238 * @param result P,Base64(E(T))
239 *
240 * @return GNUNET_OK on success
241 */
242int
243token_serialize (const struct IdentityToken*token,
244 const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
245 struct GNUNET_CRYPTO_EcdhePrivateKey **ecdhe_privkey,
246 char **result);
247
248/**
249 * Parses the serialized token and returns a token
250 *
251 * @param data the serialized token
252 * @param priv_key the private key of the audience
253 * @param result the token
254 *
255 * @return GNUNET_OK on success
256 */
257int
258token_parse (const char* data,
259 const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
260 struct IdentityToken **result);
261
262/**
263 * Parses the serialized token and returns a token
264 * This variant is intended for the party that issued the token and also
265 * wants to decrypt the serialized token.
266 *
267 * @param data the serialized token
268 * @param priv_key the private (!) ECDHE key
269 * @param aud_key the identity of the audience
270 * @param result the token
271 *
272 * @return GNUNET_OK on success
273 */
274int
275token_parse2 (const char* data,
276 const struct GNUNET_CRYPTO_EcdhePrivateKey *priv_key,
277 const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
278 struct IdentityToken **result);
279
280
281/**
282 *
283 * Returns a JWT-string representation of the token
284 *
285 * @param token the token
286 * @param priv_key the private key used to sign the JWT
287 * @param result the JWT
288 *
289 * @return GNUNET_OK on success
290 */
291int
292token_to_string (const struct IdentityToken *token,
293 const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
294 char **result);
295
296/**
297 *
298 * Creates a ticket that can be exchanged by the audience for
299 * the token. The token must be placed under the label
300 *
301 * @param nonce nonce provided by the audience that requested the ticket
302 * @param iss_pkey the issuer pubkey used to sign the ticket
303 * @param label the label encoded in the ticket
304 * @param aud_ley the audience pubkey used to encrypt the ticket payload
305 *
306 * @return the ticket
307 */
308struct TokenTicket*
309ticket_create (uint64_t nonce,
310 const struct GNUNET_CRYPTO_EcdsaPublicKey* iss_pkey,
311 const char* lbl_str,
312 const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key);
313
314/**
315 * Serialize a ticket. Returns the Base64 representation of the ticket.
316 * Format: Base64( { payload: E(Payload), ecdhe: K, signature: signature } )
317 *
318 * @param ticket the ticket to serialize
319 * @param priv_key the issuer private key to sign the ticket payload
320 * @param result the serialized ticket
321 *
322 * @return GNUNET_OK on success
323 */
324int
325ticket_serialize (struct TokenTicket *ticket,
326 const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
327 char **result);
328
329/**
330 * Destroys a ticket
331 *
332 * @param the ticket to destroy
333 */
334void
335ticket_destroy (struct TokenTicket *ticket);
336
337/**
338 * Parses a serialized ticket
339 *
340 * @param data the serialized ticket
341 * @param priv_key the audience private key
342 * @param ticket the ticket
343 *
344 * @return GNUNET_OK on success
345 */
346int
347ticket_parse (const char* raw_data,
348 const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
349 struct TokenTicket **ticket);
350
351#endif
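--- a/src/identity-provider/plugin_identity_provider_sqlite.c
+++ b/src/identity-provider/plugin_identity_provider_sqlite.c
@@ -358,7 +358,7 @@ database_shutdown (struct Plugin *plugin)
  */
 static int
 identity_provider_sqlite_store_ticket (void *cls,
- const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket)
+ const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket)
 {
  struct Plugin *plugin = cls;
  int n;
@@ -437,7 +437,7 @@ identity_provider_sqlite_store_ticket (void *cls,
  */
 static int
 identity_provider_sqlite_delete_ticket (void *cls,
- const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket)
+ const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket)
 {
  struct Plugin *plugin = cls;
  int n;
@@ -502,7 +502,7 @@ get_ticket_and_call_iterator (struct Plugin *plugin,
  GNUNET_IDENTITY_PROVIDER_TicketIterator iter,
  void *iter_cls)
 {
- struct GNUNET_IDENTITY_PROVIDER_Ticket2 ticket;
+ struct GNUNET_IDENTITY_PROVIDER_Ticket ticket;
  int ret;
  int sret;
 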
diff --git a/src/identity-provider/plugin_rest_identity_provider.c b/src/identity-provider/plugin_rest_identity_provider.c
deleted file mode 100644
index dfb935f5b..000000000
--- a/src/identity-provider/plugin_rest_identity_provider.c
+++ /dev/null
@@ -1,1216 +0,0 @@
1/*
2 This file is part of GNUnet.
3 Copyright (C) 2012-2015 GNUnet e.V.
4
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
9
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
14
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
18 Boston, MA 02110-1301, USA.
19 */
20/**
21 * @author Martin Schanzenbach
22 * @file identity/plugin_rest_identity.c
23 * @brief GNUnet Namestore REST plugin
24 *
25 */
26
27#include "platform.h"
28#include "gnunet_rest_plugin.h"
29#include "gnunet_identity_service.h"
30#include "gnunet_gns_service.h"
31#include "gnunet_gnsrecord_lib.h"
32#include "gnunet_namestore_service.h"
33#include "gnunet_rest_lib.h"
34#include "gnunet_jsonapi_lib.h"
35#include "gnunet_jsonapi_util.h"
36#include "microhttpd.h"
37#include <jansson.h>
38#include <inttypes.h>
39#include "gnunet_signatures.h"
40#include "gnunet_identity_provider_service.h"
41
42/**
43 * REST root namespace
44 */
45#define GNUNET_REST_API_NS_IDENTITY_PROVIDER "/idp"
46
47/**
48 * Issue namespace
49 */
50#define GNUNET_REST_API_NS_IDENTITY_TOKEN_ISSUE "/idp/issue"
51
52/**
53 * Check namespace TODO
54 */
55#define GNUNET_REST_API_NS_IDENTITY_TOKEN_CHECK "/idp/check"
56
57/**
58 * Token namespace
59 */
60#define GNUNET_REST_API_NS_IDENTITY_OAUTH2_TOKEN "/idp/token"
61
62/**
63 * The parameter name in which the ticket must be provided
64 */
65#define GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_TICKET "ticket"
66
67/**
68 * The parameter name in which the expected nonce must be provided
69 */
70#define GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_EXPECTED_NONCE "expected_nonce"
71
72/**
73 * The parameter name in which the ticket must be provided
74 */
75#define GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_TOKEN "token"
76
77/**
78 * The URL parameter name in which the nonce must be provided
79 */
80#define GNUNET_IDENTITY_TOKEN_REQUEST_NONCE "nonce"
81
82/**
83 * State while collecting all egos
84 */
85#define ID_REST_STATE_INIT 0
86
87/**
88 * Done collecting egos
89 */
90#define ID_REST_STATE_POST_INIT 1
91
92/**
93 * Resource type
94 */
95#define GNUNET_REST_JSONAPI_IDENTITY_TOKEN "token"
96
97/**
98 * URL parameter to create a GNUid token for a specific audience
99 */
100#define GNUNET_REST_JSONAPI_IDENTITY_AUD_REQUEST "audience"
101
102/**
103 * URL parameter to create a GNUid token for a specific issuer (EGO)
104 */
105#define GNUNET_REST_JSONAPI_IDENTITY_ISS_REQUEST "issuer"
106
107/**
108 * Attributes passed to issue request
109 */
110#define GNUNET_IDENTITY_TOKEN_ATTR_LIST "requested_attrs"
111
112/**
113 * Attributes passed to issue request
114 */
115#define GNUNET_IDENTITY_TOKEN_V_ATTR_LIST "requested_verified_attrs"
116
117
118/**
119 * Token expiration string
120 */
121#define GNUNET_IDENTITY_TOKEN_EXP_STRING "expiration"
122
123/**
124 * Error messages
125 */
126#define GNUNET_REST_ERROR_RESOURCE_INVALID "Resource location invalid"
127#define GNUNET_REST_ERROR_NO_DATA "No data"
128
129/**
130 * GNUid token lifetime
131 */
132#define GNUNET_GNUID_TOKEN_EXPIRATION_MICROSECONDS 300000000
133
134/**
135 * The configuration handle
136 */
137const struct GNUNET_CONFIGURATION_Handle *cfg;
138
139/**
140 * HTTP methods allows for this plugin
141 */
142static char* allow_methods;
143
144/**
145 * @brief struct returned by the initialization function of the plugin
146 */
147struct Plugin
148{
149 const struct GNUNET_CONFIGURATION_Handle *cfg;
150};
151
152/**
153 * The ego list
154 */
155struct EgoEntry
156{
157 /**
158 * DLL
159 */
160 struct EgoEntry *next;
161
162 /**
163 * DLL
164 */
165 struct EgoEntry *prev;
166
167 /**
168 * Ego Identifier
169 */
170 char *identifier;
171
172 /**
173 * Public key string
174 */
175 char *keystring;
176
177 /**
178 * The Ego
179 */
180 struct GNUNET_IDENTITY_Ego *ego;
181};
182
183
184struct RequestHandle
185{
186 /**
187 * Ego list
188 */
189 struct EgoEntry *ego_head;
190
191 /**
192 * Ego list
193 */
194 struct EgoEntry *ego_tail;
195
196 /**
197 * Selected ego
198 */
199 struct EgoEntry *ego_entry;
200
201 /**
202 * Ptr to current ego private key
203 */
204 const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key;
205
206 /**
207 * Handle to the rest connection
208 */
209 struct GNUNET_REST_RequestHandle *conndata_handle;
210
211 /**
212 * The processing state
213 */
214 int state;
215
216 /**
217 * Handle to Identity service.
218 */
219 struct GNUNET_IDENTITY_Handle *identity_handle;
220
221 /**
222 * IDENTITY Operation
223 */
224 struct GNUNET_IDENTITY_Operation *op;
225
226 /**
227 * Identity Provider
228 */
229 struct GNUNET_IDENTITY_PROVIDER_Handle *idp;
230
231 /**
232 * Idp Operation
233 */
234 struct GNUNET_IDENTITY_PROVIDER_Operation *idp_op;
235
236 /**
237 * Handle to NS service
238 */
239 struct GNUNET_NAMESTORE_Handle *ns_handle;
240
241 /**
242 * NS iterator
243 */
244 struct GNUNET_NAMESTORE_ZoneIterator *ns_it;
245
246 /**
247 * NS Handle
248 */
249 struct GNUNET_NAMESTORE_QueueEntry *ns_qe;
250
251 /**
252 * Desired timeout for the lookup (default is no timeout).
253 */
254 struct GNUNET_TIME_Relative timeout;
255
256 /**
257 * ID of a task associated with the resolution process.
258 */
259 struct GNUNET_SCHEDULER_Task *timeout_task;
260
261 /**
262 * The plugin result processor
263 */
264 GNUNET_REST_ResultProcessor proc;
265
266 /**
267 * The closure of the result processor
268 */
269 void *proc_cls;
270
271 /**
272 * The url
273 */
274 char *url;
275
276 /**
277 * Error response message
278 */
279 char *emsg;
280
281 /**
282 * Reponse code
283 */
284 int response_code;
285
286 /**
287 * Response object
288 */
289 struct GNUNET_JSONAPI_Document *resp_object;
290
291};
292
293
294/**
295 * Cleanup lookup handle
296 * @param handle Handle to clean up
297 */
298static void
299cleanup_handle (struct RequestHandle *handle)
300{
301 struct EgoEntry *ego_entry;
302 struct EgoEntry *ego_tmp;
303 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
304 "Cleaning up\n");
305 if (NULL != handle->resp_object)
306 GNUNET_JSONAPI_document_delete (handle->resp_object);
307 if (NULL != handle->timeout_task)
308 GNUNET_SCHEDULER_cancel (handle->timeout_task);
309 if (NULL != handle->identity_handle)
310 GNUNET_IDENTITY_disconnect (handle->identity_handle);
311 if (NULL != handle->idp)
312 GNUNET_IDENTITY_PROVIDER_disconnect (handle->idp);
313 if (NULL != handle->ns_it)
314 GNUNET_NAMESTORE_zone_iteration_stop (handle->ns_it);
315 if (NULL != handle->ns_qe)
316 GNUNET_NAMESTORE_cancel (handle->ns_qe);
317 if (NULL != handle->ns_handle)
318 GNUNET_NAMESTORE_disconnect (handle->ns_handle);
319 if (NULL != handle->url)
320 GNUNET_free (handle->url);
321 if (NULL != handle->emsg)
322 GNUNET_free (handle->emsg);
323 for (ego_entry = handle->ego_head;
324 NULL != ego_entry;)
325 {
326 ego_tmp = ego_entry;
327 ego_entry = ego_entry->next;
328 GNUNET_free (ego_tmp->identifier);
329 GNUNET_free (ego_tmp->keystring);
330 GNUNET_free (ego_tmp);
331 }
332 GNUNET_free (handle);
333}
334
335
336/**
337 * Task run on error, sends error message. Cleans up everything.
338 *
339 * @param cls the `struct RequestHandle`
340 */
341static void
342do_error (void *cls)
343{
344 struct RequestHandle *handle = cls;
345 struct MHD_Response *resp;
346 char *json_error;
347
348 GNUNET_asprintf (&json_error,
349 "{Error while processing request: %s}",
350 handle->emsg);
351 resp = GNUNET_REST_create_response (json_error);
352 handle->proc (handle->proc_cls, resp, handle->response_code);
353 cleanup_handle (handle);
354 GNUNET_free (json_error);
355}
356
357/**
358 * Task run on timeout, sends error message. Cleans up everything.
359 *
360 * @param cls the `struct RequestHandle`
361 */
362static void
363do_timeout (void *cls)
364{
365 struct RequestHandle *handle = cls;
366
367 handle->timeout_task = NULL;
368 do_error (handle);
369}
370
371
372/**
373 * Task run on shutdown. Cleans up everything.
374 *
375 * @param cls unused
376 */
377static void
378do_cleanup_handle_delayed (void *cls)
379{
380 struct RequestHandle *handle = cls;
381
382 cleanup_handle (handle);
383}
384
385
386/**
387 * Get a ticket for identity
388 * @param cls the handle
389 * @param ticket the ticket returned from the idp
390 */
391static void
392token_creat_cont (void *cls,
393 const char *label,
394 const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
395 const struct GNUNET_IDENTITY_PROVIDER_Token *token)
396{
397 struct GNUNET_JSONAPI_Resource *json_resource;
398 struct RequestHandle *handle = cls;
399 struct MHD_Response *resp;
400 json_t *ticket_json;
401 json_t *token_json;
402 char *ticket_str;
403 char *token_str;
404 char *result_str;
405
406 handle->idp_op = NULL;
407
408 if (NULL == ticket)
409 {
410 handle->emsg = GNUNET_strdup ("Error in token issue");
411 GNUNET_SCHEDULER_add_now (&do_error, handle);
412 return;
413 }
414
415 handle->resp_object = GNUNET_JSONAPI_document_new ();
416 json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_TICKET,
417 label);
418 ticket_str = GNUNET_IDENTITY_PROVIDER_ticket_to_string (ticket);
419 token_str = GNUNET_IDENTITY_PROVIDER_token_to_string (token);
420 ticket_json = json_string (ticket_str);
421 token_json = json_string (token_str);
422 GNUNET_JSONAPI_resource_add_attr (json_resource,
423 GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_TICKET,
424 ticket_json);
425 GNUNET_JSONAPI_resource_add_attr (json_resource,
426 GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_TOKEN,
427 token_json);
428 GNUNET_free (ticket_str);
429 GNUNET_free (token_str);
430 json_decref (ticket_json);
431 json_decref (token_json);
432 GNUNET_JSONAPI_document_resource_add (handle->resp_object, json_resource);
433
434 GNUNET_JSONAPI_document_serialize (handle->resp_object, &result_str);
435 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Result %s\n", result_str);
436 resp = GNUNET_REST_create_response (result_str);
437 handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
438 GNUNET_free (result_str);
439 GNUNET_SCHEDULER_add_now (&do_cleanup_handle_delayed, handle);
440}
441
442
443/**
444 * Continueationf for token issue request
445 *
446 * @param con the Rest handle
447 * @param url the requested url
448 * @param cls the request handle
449 */
450static void
451issue_token_cont (struct GNUNET_REST_RequestHandle *con,
452 const char *url,
453 void *cls)
454{
455 const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key;
456 const char *egoname;
457
458 struct RequestHandle *handle = cls;
459 struct EgoEntry *ego_entry;
460 struct GNUNET_HashCode key;
461 struct MHD_Response *resp;
462 struct GNUNET_CRYPTO_EcdsaPublicKey pub_key;
463 struct GNUNET_CRYPTO_EcdsaPublicKey aud_key;
464 struct GNUNET_TIME_Relative etime_rel;
465 struct GNUNET_TIME_Absolute exp_time;
466 char *ego_val;
467 char *audience;
468 char *exp_str;
469 char *nonce_str;
470 char *scopes;
471 char *vattrs;
472 uint64_t time;
473 uint64_t nonce;
474
475 if (GNUNET_NO == GNUNET_REST_namespace_match (handle->url,
476 GNUNET_REST_API_NS_IDENTITY_TOKEN_ISSUE))
477 {
478 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "URL invalid: %s\n", handle->url);
479 resp = GNUNET_REST_create_response (NULL);
480 handle->proc (handle->proc_cls, resp, MHD_HTTP_BAD_REQUEST);
481 cleanup_handle (handle);
482 return;
483 }
484 egoname = NULL;
485 ego_entry = NULL;
486 GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_IDENTITY_ISS_REQUEST,
487 strlen (GNUNET_REST_JSONAPI_IDENTITY_ISS_REQUEST),
488 &key);
489 if ( GNUNET_YES !=
490 GNUNET_CONTAINER_multihashmap_contains (handle->conndata_handle->url_param_map,
491 &key) )
492 {
493 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
494 "Issuer not found\n");
495 GNUNET_SCHEDULER_add_now (&do_error, handle);
496 return;
497 }
498 ego_val = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map,
499 &key);
500 if (NULL == ego_val)
501 {
502 GNUNET_SCHEDULER_add_now (&do_error, handle);
503 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
504 "Ego invalid: %s\n",
505 ego_val);
506 return;
507 }
508 for (ego_entry = handle->ego_head;
509 NULL != ego_entry;
510 ego_entry = ego_entry->next)
511 {
512 if (0 != strcmp (ego_val, ego_entry->identifier))
513 continue;
514 egoname = ego_entry->identifier;
515 break;
516 }
517 if ( (NULL == egoname) ||
518 (NULL == ego_entry) )
519 {
520 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
521 "Ego not found: %s\n",
522 ego_val);
523 GNUNET_SCHEDULER_add_now (&do_error, handle);
524 return;
525 }
526 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
527 "Ego to issue token for: %s\n",
528 egoname);
529
530
531 //Meta info
532 GNUNET_CRYPTO_hash (GNUNET_IDENTITY_TOKEN_ATTR_LIST,
533 strlen (GNUNET_IDENTITY_TOKEN_ATTR_LIST),
534 &key);
535
536 scopes = NULL;
537 if ( GNUNET_YES !=
538 GNUNET_CONTAINER_multihashmap_contains (handle->conndata_handle->url_param_map,
539 &key) )
540 {
541 handle->emsg = GNUNET_strdup ("Scopes missing!\n");
542 GNUNET_SCHEDULER_add_now (&do_error, handle);
543 return;
544 }
545 scopes = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map,
546 &key);
547
548 //vattrs
549 GNUNET_CRYPTO_hash (GNUNET_IDENTITY_TOKEN_V_ATTR_LIST,
550 strlen (GNUNET_IDENTITY_TOKEN_V_ATTR_LIST),
551 &key);
552
553 vattrs = NULL;
554 if ( GNUNET_YES ==
555 GNUNET_CONTAINER_multihashmap_contains (handle->conndata_handle->url_param_map,
556 &key) )
557 {
558 vattrs = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map,
559 &key);
560 }
561
562
563
564 //Token audience
565 GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_IDENTITY_AUD_REQUEST,
566 strlen (GNUNET_REST_JSONAPI_IDENTITY_AUD_REQUEST),
567 &key);
568 audience = NULL;
569 if ( GNUNET_YES !=
570 GNUNET_CONTAINER_multihashmap_contains (handle->conndata_handle->url_param_map,
571 &key) )
572 {
573 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
574 "Audience missing!\n");
575 GNUNET_SCHEDULER_add_now (&do_error, handle);
576 return;
577 }
578 audience = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map,
579 &key);
580 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
581 "Audience to issue token for: %s\n",
582 audience);
583
584 priv_key = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego);
585 GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego,
586 &pub_key);
587 GNUNET_STRINGS_string_to_data (audience,
588 strlen (audience),
589 &aud_key,
590 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
591
592 //Remote nonce
593 nonce_str = NULL;
594 GNUNET_CRYPTO_hash (GNUNET_IDENTITY_TOKEN_REQUEST_NONCE,
595 strlen (GNUNET_IDENTITY_TOKEN_REQUEST_NONCE),
596 &key);
597 if ( GNUNET_YES !=
598 GNUNET_CONTAINER_multihashmap_contains (handle->conndata_handle->url_param_map,
599 &key) )
600 {
601 handle->emsg = GNUNET_strdup ("Request nonce missing!\n");
602 GNUNET_SCHEDULER_add_now (&do_error, handle);
603 return;
604 }
605 nonce_str = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map,
606 &key);
607 GNUNET_assert (NULL != nonce_str);
608 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
609 "Request nonce: %s\n",
610 nonce_str);
611 GNUNET_assert (1 == sscanf (nonce_str, "%"SCNu64, &nonce));
612
613 //Get expiration for token from URL parameter
614 GNUNET_CRYPTO_hash (GNUNET_IDENTITY_TOKEN_EXP_STRING,
615 strlen (GNUNET_IDENTITY_TOKEN_EXP_STRING),
616 &key);
617
618 exp_str = NULL;
619 if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (handle->conndata_handle->url_param_map,
620 &key))
621 {
622 exp_str = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map,
623 &key);
624 }
625 if (NULL == exp_str) {
626 handle->emsg = GNUNET_strdup ("No expiration given!\n");
627 GNUNET_SCHEDULER_add_now (&do_error, handle);
628 return;
629 }
630
631 if (GNUNET_OK !=
632 GNUNET_STRINGS_fancy_time_to_relative (exp_str,
633 &etime_rel))
634 {
635 handle->emsg = GNUNET_strdup ("Expiration invalid!\n");
636 GNUNET_SCHEDULER_add_now (&do_error, handle);
637 return;
638 }
639 time = GNUNET_TIME_absolute_get().abs_value_us;
640 exp_time.abs_value_us = time + etime_rel.rel_value_us;
641
642 handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg);
643 handle->idp_op = GNUNET_IDENTITY_PROVIDER_issue_token (handle->idp,
644 priv_key,
645 &aud_key,
646 scopes,
647 vattrs,
648 exp_time,
649 nonce,
650 &token_creat_cont,
651 handle);
652
653}
654
655
656/**
657 * Build a GNUid token for identity
658 *
659 * @param cls the request handle
660 */
661static void
662return_token_list (void *cls)
663{
664 char* result_str;
665 struct RequestHandle *handle = cls;
666 struct MHD_Response *resp;
667
668 GNUNET_JSONAPI_document_serialize (handle->resp_object, &result_str);
669 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Result %s\n", result_str);
670 resp = GNUNET_REST_create_response (result_str);
671 handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
672 GNUNET_free (result_str);
673 cleanup_handle (handle);
674}
675
676
677static void
678token_collect_error_cb (void *cls)
679{
680 struct RequestHandle *handle = cls;
681
682 do_error (handle);
683}
684
685
686/**
687 * Collect all tokens for an ego
688 *
689 * TODO move this into the identity-provider service
690 *
691 */
692static void
693token_collect (void *cls,
694 const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
695 const char *label,
696 unsigned int rd_count,
697 const struct GNUNET_GNSRECORD_Data *rd);
698
699
700static void
701token_collect_finished_cb (void *cls)
702{
703 struct RequestHandle *handle = cls;
704 struct EgoEntry *ego_tmp;
705 const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key;
706
707 ego_tmp = handle->ego_head;
708 GNUNET_CONTAINER_DLL_remove (handle->ego_head,
709 handle->ego_tail,
710 ego_tmp);
711 GNUNET_free (ego_tmp->identifier);
712 GNUNET_free (ego_tmp->keystring);
713 GNUNET_free (ego_tmp);
714
715 if (NULL == handle->ego_head)
716 {
717 //Done
718 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding token END\n");
719 handle->ns_it = NULL;
720 GNUNET_SCHEDULER_add_now (&return_token_list, handle);
721 return;
722 }
723
724 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
725 "Next ego: %s\n",
726 handle->ego_head->identifier);
727 priv_key = GNUNET_IDENTITY_ego_get_private_key (handle->ego_head->ego);
728 handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (handle->ns_handle,
729 priv_key,
730 &token_collect_error_cb,
731 handle,
732 &token_collect,
733 handle,
734 &token_collect_finished_cb,
735 handle);
736}
737
738
739/**
740 * Collect all tokens for an ego
741 *
742 * TODO move this into the identity-provider service
743 *
744 */
745static void
746token_collect (void *cls,
747 const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
748 const char *label,
749 unsigned int rd_count,
750 const struct GNUNET_GNSRECORD_Data *rd)
751{
752 struct RequestHandle *handle = cls;
753 int i;
754 char* data;
755 struct GNUNET_JSONAPI_Resource *json_resource;
756 json_t *issuer;
757 json_t *token;
758
759 for (i = 0; i < rd_count; i++)
760 {
761 if (rd[i].record_type == GNUNET_GNSRECORD_TYPE_ID_TOKEN)
762 {
763 data = GNUNET_GNSRECORD_value_to_string (rd[i].record_type,
764 rd[i].data,
765 rd[i].data_size);
766 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding token: %s\n", data);
767 json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_IDENTITY_TOKEN,
768 label);
769 issuer = json_string (handle->ego_head->identifier);
770 GNUNET_JSONAPI_resource_add_attr (json_resource,
771 GNUNET_REST_JSONAPI_IDENTITY_ISS_REQUEST,
772 issuer);
773 json_decref (issuer);
774 token = json_string (data);
775 GNUNET_JSONAPI_resource_add_attr (json_resource,
776 GNUNET_REST_JSONAPI_IDENTITY_TOKEN,
777 token);
778 json_decref (token);
779
780 GNUNET_JSONAPI_document_resource_add (handle->resp_object, json_resource);
781 GNUNET_free (data);
782 }
783 }
784
785 GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it);
786}
787
788
789
790/**
791 * Respond to OPTIONS request
792 *
793 * @param con_handle the connection handle
794 * @param url the url
795 * @param cls the RequestHandle
796 */
797static void
798list_token_cont (struct GNUNET_REST_RequestHandle *con_handle,
799 const char* url,
800 void *cls)
801{
802 char* ego_val;
803 struct GNUNET_HashCode key;
804 const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key;
805 struct RequestHandle *handle = cls;
806 struct EgoEntry *ego_entry;
807 struct EgoEntry *ego_tmp;
808
809 GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_IDENTITY_ISS_REQUEST,
810 strlen (GNUNET_REST_JSONAPI_IDENTITY_ISS_REQUEST),
811 &key);
812
813 if ( GNUNET_YES !=
814 GNUNET_CONTAINER_multihashmap_contains (handle->conndata_handle->url_param_map,
815 &key) )
816 {
817 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "No issuer given.\n");
818 GNUNET_SCHEDULER_add_now (&do_error, handle);
819 return;
820 }
821 ego_val = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map,
822 &key);
823 GNUNET_assert (NULL != ego_val);
824 //Remove non-matching egos
825 for (ego_entry = handle->ego_head;
826 NULL != ego_entry;)
827 {
828 ego_tmp = ego_entry;
829 ego_entry = ego_entry->next;
830 if (0 != strcmp (ego_val, ego_tmp->identifier))
831 {
832 GNUNET_CONTAINER_DLL_remove (handle->ego_head,
833 handle->ego_tail,
834 ego_tmp);
835 GNUNET_free (ego_tmp->identifier);
836 GNUNET_free (ego_tmp->keystring);
837 GNUNET_free (ego_tmp);
838 }
839 }
840 handle->resp_object = GNUNET_JSONAPI_document_new ();
841 if (NULL == handle->ego_head)
842 {
843 //Done
844 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "No results.\n");
845 GNUNET_SCHEDULER_add_now (&return_token_list, handle);
846 return;
847 }
848 priv_key = GNUNET_IDENTITY_ego_get_private_key (handle->ego_head->ego);
849 handle->ns_handle = GNUNET_NAMESTORE_connect (cfg);
850 handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (handle->ns_handle,
851 priv_key,
852 &token_collect_error_cb,
853 handle,
854 &token_collect,
855 handle,
856 &token_collect_finished_cb,
857 handle);
858
859}
860
861/**
862 * Return token to requestor
863 *
864 * @param cls request handle
865 * @param token the token
866 */
867static void
868exchange_cont (void *cls,
869 const struct GNUNET_IDENTITY_PROVIDER_Token *token,
870 uint64_t ticket_nonce)
871{
872 json_t *root;
873 struct RequestHandle *handle = cls;
874 struct MHD_Response *resp;
875 struct GNUNET_HashCode key;
876 char* result;
877 char* token_str;
878 char* nonce_str;
879 uint64_t expected_nonce;
880
881 //Get nonce
882 GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_EXPECTED_NONCE,
883 strlen (GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_EXPECTED_NONCE),
884 &key);
885
886 if ( GNUNET_NO ==
887 GNUNET_CONTAINER_multihashmap_contains (handle->conndata_handle->url_param_map,
888 &key) )
889 {
890 handle->emsg = GNUNET_strdup ("No nonce given.");
891 GNUNET_SCHEDULER_add_now (&do_error, handle);
892 return;
893 }
894 nonce_str = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map,
895 &key);
896 GNUNET_assert (NULL != nonce_str);
897 GNUNET_assert (1 == sscanf (nonce_str, "%"SCNu64, &expected_nonce));
898
899 if (ticket_nonce != expected_nonce)
900 {
901 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
902 "Ticket nonce %"SCNu64" does not match expected nonce %"SCNu64"\n",
903 ticket_nonce, expected_nonce);
904 handle->emsg = GNUNET_strdup ("Ticket nonce does not match expected nonce\n");
905 GNUNET_SCHEDULER_add_now (&do_error, handle);
906 return;
907 }
908
909 root = json_object ();
910 token_str = GNUNET_IDENTITY_PROVIDER_token_to_string (token);
911 json_object_set_new (root, "token", json_string (token_str));
912 json_object_set_new (root, "token_type", json_string ("jwt"));
913 GNUNET_free (token_str);
914
915 result = json_dumps (root, JSON_INDENT(1));
916 resp = GNUNET_REST_create_response (result);
917 GNUNET_free (result);
918 handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
919 cleanup_handle (handle);
920 json_decref (root);
921}
922
923
924/**
925 *
926 * Callback called when identity for token exchange has been found
927 *
928 * @param cls request handle
929 * @param ego the identity to use as issuer
930 * @param ctx user context
931 * @param name identity name
932 *
933 */
934static void
935exchange_token_ticket_cb (void *cls,
936 struct GNUNET_IDENTITY_Ego *ego,
937 void **ctx,
938 const char *name)
939{
940 struct RequestHandle *handle = cls;
941 struct GNUNET_HashCode key;
942 struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket;
943 char* ticket_str;
944
945 handle->op = NULL;
946
947 if (NULL == ego)
948 {
949 handle->emsg = GNUNET_strdup ("No identity found.");
950 GNUNET_SCHEDULER_add_now (&do_error, handle);
951 return;
952 }
953
954 //Get ticket
955 GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_TICKET,
956 strlen (GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_TICKET),
957 &key);
958
959 if ( GNUNET_NO ==
960 GNUNET_CONTAINER_multihashmap_contains (handle->conndata_handle->url_param_map,
961 &key) )
962 {
963 handle->emsg = GNUNET_strdup ("No ticket given.");
964 GNUNET_SCHEDULER_add_now (&do_error, handle);
965 return;
966 }
967 ticket_str = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map,
968 &key);
969 handle->priv_key = GNUNET_IDENTITY_ego_get_private_key (ego);
970 GNUNET_IDENTITY_PROVIDER_string_to_ticket (ticket_str,
971 &ticket);
972
973 handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg);
974 handle->idp_op = GNUNET_IDENTITY_PROVIDER_exchange_ticket (handle->idp,
975 ticket,
976 handle->priv_key,
977 &exchange_cont,
978 handle);
979 GNUNET_IDENTITY_PROVIDER_ticket_destroy (ticket);
980
981}
982
983
984
985/**
986 * Respond to issue request
987 *
988 * @param con_handle the connection handle
989 * @param url the url
990 * @param cls the RequestHandle
991 */
992static void
993exchange_token_ticket_cont (struct GNUNET_REST_RequestHandle *con_handle,
994 const char* url,
995 void *cls)
996{
997 struct RequestHandle *handle = cls;
998
999 //Get token from GNS
1000 handle->op = GNUNET_IDENTITY_get (handle->identity_handle,
1001 "gns-master",
1002 &exchange_token_ticket_cb,
1003 handle);
1004}
1005
1006/**
1007 * Respond to OPTIONS request
1008 *
1009 * @param con_handle the connection handle
1010 * @param url the url
1011 * @param cls the RequestHandle
1012 */
1013static void
1014options_cont (struct GNUNET_REST_RequestHandle *con_handle,
1015 const char* url,
1016 void *cls)
1017{
1018 struct MHD_Response *resp;
1019 struct RequestHandle *handle = cls;
1020
1021 //For now, independent of path return all options
1022 resp = GNUNET_REST_create_response (NULL);
1023 MHD_add_response_header (resp,
1024 "Access-Control-Allow-Methods",
1025 allow_methods);
1026 handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
1027 cleanup_handle (handle);
1028 return;
1029}
1030
1031/**
1032 * Handle rest request
1033 *
1034 * @param handle the request handle
1035 */
1036static void
1037init_cont (struct RequestHandle *handle)
1038{
1039 struct GNUNET_REST_RequestHandlerError err;
1040 static const struct GNUNET_REST_RequestHandler handlers[] = {
1041 {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_TOKEN_ISSUE, &issue_token_cont},
1042 //{MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_TOKEN_CHECK, &check_token_cont},
1043 {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_PROVIDER, &list_token_cont},
1044 {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_IDENTITY_PROVIDER, &options_cont},
1045 {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_OAUTH2_TOKEN, &exchange_token_ticket_cont},
1046 GNUNET_REST_HANDLER_END
1047 };
1048
1049 if (GNUNET_NO == GNUNET_REST_handle_request (handle->conndata_handle,
1050 handlers,
1051 &err,
1052 handle))
1053 {
1054 handle->response_code = err.error_code;
1055 GNUNET_SCHEDULER_add_now (&do_error, handle);
1056 }
1057}
1058
1059/**
1060 * If listing is enabled, prints information about the egos.
1061 *
1062 * This function is initially called for all egos and then again
1063 * whenever a ego's identifier changes or if it is deleted. At the
1064 * end of the initial pass over all egos, the function is once called
1065 * with 'NULL' for 'ego'. That does NOT mean that the callback won't
1066 * be invoked in the future or that there was an error.
1067 *
1068 * When used with 'GNUNET_IDENTITY_create' or 'GNUNET_IDENTITY_get',
1069 * this function is only called ONCE, and 'NULL' being passed in
1070 * 'ego' does indicate an error (i.e. name is taken or no default
1071 * value is known). If 'ego' is non-NULL and if '*ctx'
1072 * is set in those callbacks, the value WILL be passed to a subsequent
1073 * call to the identity callback of 'GNUNET_IDENTITY_connect' (if
1074 * that one was not NULL).
1075 *
1076 * When an identity is renamed, this function is called with the
1077 * (known) ego but the NEW identifier.
1078 *
1079 * When an identity is deleted, this function is called with the
1080 * (known) ego and "NULL" for the 'identifier'. In this case,
1081 * the 'ego' is henceforth invalid (and the 'ctx' should also be
1082 * cleaned up).
1083 *
1084 * @param cls closure
1085 * @param ego ego handle
1086 * @param ctx context for application to store data for this ego
1087 * (during the lifetime of this process, initially NULL)
1088 * @param identifier identifier assigned by the user for this ego,
1089 * NULL if the user just deleted the ego and it
1090 * must thus no longer be used
1091 */
1092static void
1093list_ego (void *cls,
1094 struct GNUNET_IDENTITY_Ego *ego,
1095 void **ctx,
1096 const char *identifier)
1097{
1098 struct RequestHandle *handle = cls;
1099 struct EgoEntry *ego_entry;
1100 struct GNUNET_CRYPTO_EcdsaPublicKey pk;
1101
1102 if ((NULL == ego) && (ID_REST_STATE_INIT == handle->state))
1103 {
1104 handle->state = ID_REST_STATE_POST_INIT;
1105 init_cont (handle);
1106 return;
1107 }
1108 if (ID_REST_STATE_INIT == handle->state) {
1109 ego_entry = GNUNET_new (struct EgoEntry);
1110 GNUNET_IDENTITY_ego_get_public_key (ego, &pk);
1111 ego_entry->keystring =
1112 GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk);
1113 ego_entry->ego = ego;
1114 ego_entry->identifier = GNUNET_strdup (identifier);
1115 GNUNET_CONTAINER_DLL_insert_tail(handle->ego_head,handle->ego_tail, ego_entry);
1116 }
1117
1118}
1119
1120/**
1121 * Function processing the REST call
1122 *
1123 * @param method HTTP method
1124 * @param url URL of the HTTP request
1125 * @param data body of the HTTP request (optional)
1126 * @param data_size length of the body
1127 * @param proc callback function for the result
1128 * @param proc_cls closure for callback function
1129 * @return GNUNET_OK if request accepted
1130 */
1131static void
1132rest_identity_process_request(struct GNUNET_REST_RequestHandle *conndata_handle,
1133 GNUNET_REST_ResultProcessor proc,
1134 void *proc_cls)
1135{
1136 struct RequestHandle *handle = GNUNET_new (struct RequestHandle);
1137
1138 handle->timeout = GNUNET_TIME_UNIT_FOREVER_REL;
1139 handle->proc_cls = proc_cls;
1140 handle->proc = proc;
1141 handle->state = ID_REST_STATE_INIT;
1142 handle->conndata_handle = conndata_handle;
1143
1144
1145 handle->url = GNUNET_strdup (conndata_handle->url);
1146 if (handle->url[strlen (handle->url)-1] == '/')
1147 handle->url[strlen (handle->url)-1] = '\0';
1148 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1149 "Connecting...\n");
1150 handle->identity_handle = GNUNET_IDENTITY_connect (cfg,
1151 &list_ego,
1152 handle);
1153 handle->timeout_task =
1154 GNUNET_SCHEDULER_add_delayed (handle->timeout,
1155 &do_timeout,
1156 handle);
1157 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1158 "Connected\n");
1159}
1160
1161/**
1162 * Entry point for the plugin.
1163 *
1164 * @param cls Config info
1165 * @return NULL on error, otherwise the plugin context
1166 */
1167void *
1168libgnunet_plugin_rest_identity_provider_init (void *cls)
1169{
1170 static struct Plugin plugin;
1171 struct GNUNET_REST_Plugin *api;
1172
1173 cfg = cls;
1174 if (NULL != plugin.cfg)
1175 return NULL; /* can only initialize once! */
1176 memset (&plugin, 0, sizeof (struct Plugin));
1177 plugin.cfg = cfg;
1178 api = GNUNET_new (struct GNUNET_REST_Plugin);
1179 api->cls = &plugin;
1180 api->name = GNUNET_REST_API_NS_IDENTITY_PROVIDER;
1181 api->process_request = &rest_identity_process_request;
1182 GNUNET_asprintf (&allow_methods,
1183 "%s, %s, %s, %s, %s",
1184 MHD_HTTP_METHOD_GET,
1185 MHD_HTTP_METHOD_POST,
1186 MHD_HTTP_METHOD_PUT,
1187 MHD_HTTP_METHOD_DELETE,
1188 MHD_HTTP_METHOD_OPTIONS);
1189
1190 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
1191 _("Identity Token REST API initialized\n"));
1192 return api;
1193}
1194
1195
1196/**
1197 * Exit point from the plugin.
1198 *
1199 * @param cls the plugin context (as returned by "init")
1200 * @return always NULL
1201 */
1202void *
1203libgnunet_plugin_rest_identity_provider_done (void *cls)
1204{
1205 struct GNUNET_REST_Plugin *api = cls;
1206 struct Plugin *plugin = api->cls;
1207
1208 plugin->cfg = NULL;
1209 GNUNET_free_non_null (allow_methods);
1210 GNUNET_free (api);
1211 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
1212 "Identity Token REST plugin is finished\n");
1213 return NULL;
1214}
1215
1216/* end of plugin_rest_gns.c */
diff --git a/src/include/gnunet_identity_provider_plugin.h b/src/include/gnunet_identity_provider_plugin.h
index 9e779bde7..27d7eb44f 100644
--- a/src/include/gnunet_identity_provider_plugin.h
+++ b/src/include/gnunet_identity_provider_plugin.h
@@ -50,7 +50,7 @@ extern "C"
50 * @param ticket the ticket 50 * @param ticket the ticket
51 */ 51 */
52typedef void (*GNUNET_IDENTITY_PROVIDER_TicketIterator) (void *cls, 52typedef void (*GNUNET_IDENTITY_PROVIDER_TicketIterator) (void *cls,
53 const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket); 53 const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket);
54 54
55 55
56/** 56/**
@@ -72,7 +72,7 @@ struct GNUNET_IDENTITY_PROVIDER_PluginFunctions
72 * @return #GNUNET_OK on success, else #GNUNET_SYSERR 72 * @return #GNUNET_OK on success, else #GNUNET_SYSERR
73 */ 73 */
74 int (*store_ticket) (void *cls, 74 int (*store_ticket) (void *cls,
75 const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket); 75 const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket);
76 76
77 /** 77 /**
78 * Delete a ticket from the database. 78 * Delete a ticket from the database.
@@ -82,7 +82,7 @@ struct GNUNET_IDENTITY_PROVIDER_PluginFunctions
82 * @return #GNUNET_OK on success, else #GNUNET_SYSERR 82 * @return #GNUNET_OK on success, else #GNUNET_SYSERR
83 */ 83 */
84 int (*delete_ticket) (void *cls, 84 int (*delete_ticket) (void *cls,
85 const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket); 85 const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket);
86 86
87 87
88 88
diff --git a/src/include/gnunet_identity_provider_service.h b/src/include/gnunet_identity_provider_service.h
index 198e2f918..fb5131567 100644
--- a/src/include/gnunet_identity_provider_service.h
+++ b/src/include/gnunet_identity_provider_service.h
@@ -57,14 +57,9 @@ struct GNUNET_IDENTITY_PROVIDER_Handle;
57struct GNUNET_IDENTITY_PROVIDER_Token; 57struct GNUNET_IDENTITY_PROVIDER_Token;
58 58
59/** 59/**
60 * Handle for a ticket DEPRECATED
61 */
62struct GNUNET_IDENTITY_PROVIDER_Ticket;
63
64/**
65 * The ticket 60 * The ticket
66 */ 61 */
67struct GNUNET_IDENTITY_PROVIDER_Ticket2 62struct GNUNET_IDENTITY_PROVIDER_Ticket
68{ 63{
69 /** 64 /**
70 * The ticket issuer 65 * The ticket issuer
@@ -170,38 +165,6 @@ struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry
170}; 165};
171 166
172/** 167/**
173 * Method called when a token has been exchanged for a ticket.
174 * On success returns a token
175 *
176 * @param cls closure
177 * @param token the token
178 */
179typedef void
180(*GNUNET_IDENTITY_PROVIDER_ExchangeCallback)(void *cls,
181 const struct GNUNET_IDENTITY_PROVIDER_Token *token,
182 uint64_t ticket_nonce);
183
184/** TODO DEPRECATED
185 * Method called when a token has been issued.
186 * On success returns a ticket that can be given to the audience to retrive the
187 * token
188 *
189 * @param cls closure
190 * @param grant the label in GNS pointing to the token
191 * @param ticket the ticket
192 * @param token the issued token
193 * @param name name assigned by the user for this ego,
194 * NULL if the user just deleted the ego and it
195 * must thus no longer be used
196 */
197typedef void
198(*GNUNET_IDENTITY_PROVIDER_IssueCallback)(void *cls,
199 const char *grant,
200 const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
201 const struct GNUNET_IDENTITY_PROVIDER_Token *token);
202
203
204/**
205 * Connect to the identity provider service. 168 * Connect to the identity provider service.
206 * 169 *
207 * @param cfg Configuration to contact the identity provider service. 170 * @param cfg Configuration to contact the identity provider service.
@@ -340,7 +303,7 @@ GNUNET_IDENTITY_PROVIDER_get_attributes_stop (struct GNUNET_IDENTITY_PROVIDER_At
340 */ 303 */
341typedef void 304typedef void
342(*GNUNET_IDENTITY_PROVIDER_TicketCallback)(void *cls, 305(*GNUNET_IDENTITY_PROVIDER_TicketCallback)(void *cls,
343 const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket); 306 const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket);
344 307
345/** 308/**
346 * Issues a ticket to another identity. The identity may use 309 * Issues a ticket to another identity. The identity may use
@@ -397,7 +360,7 @@ GNUNET_IDENTITY_PROVIDER_idp_ticket_revoke (struct GNUNET_IDENTITY_PROVIDER_Hand
397struct GNUNET_IDENTITY_PROVIDER_Operation * 360struct GNUNET_IDENTITY_PROVIDER_Operation *
398GNUNET_IDENTITY_PROVIDER_rp_ticket_consume (struct GNUNET_IDENTITY_PROVIDER_Handle *id, 361GNUNET_IDENTITY_PROVIDER_rp_ticket_consume (struct GNUNET_IDENTITY_PROVIDER_Handle *id,
399 const struct GNUNET_CRYPTO_EcdsaPrivateKey * identity, 362 const struct GNUNET_CRYPTO_EcdsaPrivateKey * identity,
400 const struct GNUNET_IDENTITY_PROVIDER_Ticket2 *ticket, 363 const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
401 GNUNET_IDENTITY_PROVIDER_AttributeResult cb, 364 GNUNET_IDENTITY_PROVIDER_AttributeResult cb,
402 void *cb_cls); 365 void *cb_cls);
403 366
@@ -474,50 +437,6 @@ GNUNET_IDENTITY_PROVIDER_ticket_iteration_next (struct GNUNET_IDENTITY_PROVIDER_
474void 437void
475GNUNET_IDENTITY_PROVIDER_ticket_iteration_stop (struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it); 438GNUNET_IDENTITY_PROVIDER_ticket_iteration_stop (struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it);
476 439
477/** TODO remove DEPRECATED
478 * Issue a token for a specific audience.
479 *
480 * @param id identity provider service to use
481 * @param iss issuer (identity)
482 * @param aud audience (identity)
483 * @param scope the identity attributes requested, comman separated
484 * @param expiration the token expiration
485 * @param nonce the nonce that will be included in token and ticket
486 * @param cb callback to call with result
487 * @param cb_cls closure
488 * @return handle to abort the operation
489 */
490struct GNUNET_IDENTITY_PROVIDER_Operation *
491GNUNET_IDENTITY_PROVIDER_issue_token (struct GNUNET_IDENTITY_PROVIDER_Handle *id,
492 const struct GNUNET_CRYPTO_EcdsaPrivateKey *iss_key,
493 const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
494 const char* scope,
495 const char* vattr,
496 struct GNUNET_TIME_Absolute expiration,
497 uint64_t nonce,
498 GNUNET_IDENTITY_PROVIDER_IssueCallback cb,
499 void *cb_cls);
500
501
502/** TODO remove DEPRECATED
503 * Exchange a ticket for a token. Intended to be used by audience that
504 * received a ticket.
505 *
506 * @param id identity provider service to use
507 * @param ticket the ticket to exchange
508 * @param aud_privkey the audience of the ticket
509 * @param cont function to call once the operation finished
510 * @param cont_cls closure for @a cont
511 * @return handle to abort the operation
512 */
513struct GNUNET_IDENTITY_PROVIDER_Operation *
514GNUNET_IDENTITY_PROVIDER_exchange_ticket (struct GNUNET_IDENTITY_PROVIDER_Handle *id,
515 const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
516 const struct GNUNET_CRYPTO_EcdsaPrivateKey *aud_privkey,
517 GNUNET_IDENTITY_PROVIDER_ExchangeCallback cont,
518 void *cont_cls);
519
520
521/** 440/**
522 * Disconnect from identity provider service. 441 * Disconnect from identity provider service.
523 * 442 *
@@ -538,56 +457,6 @@ GNUNET_IDENTITY_PROVIDER_disconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h);
538void 457void
539GNUNET_IDENTITY_PROVIDER_cancel (struct GNUNET_IDENTITY_PROVIDER_Operation *op); 458GNUNET_IDENTITY_PROVIDER_cancel (struct GNUNET_IDENTITY_PROVIDER_Operation *op);
540 459
541
542/**
543 * Convenience API
544 */
545
546/**
547 * Destroy token
548 *
549 * @param token the token
550 */
551void
552GNUNET_IDENTITY_PROVIDER_token_destroy(struct GNUNET_IDENTITY_PROVIDER_Token *token);
553
554/**
555 * Returns string representation of token. A JSON-Web-Token.
556 *
557 * @param token the token
558 * @return The JWT (must be freed)
559 */
560char *
561GNUNET_IDENTITY_PROVIDER_token_to_string (const struct GNUNET_IDENTITY_PROVIDER_Token *token);
562
563/**
564 * Returns string representation of ticket. Base64-Encoded
565 *
566 * @param ticket the ticket
567 * @return the Base64-Encoded ticket
568 */
569char *
570GNUNET_IDENTITY_PROVIDER_ticket_to_string (const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket);
571
572/**
573 * Created a ticket from a string (Base64 encoded ticket)
574 *
575 * @param input Base64 encoded ticket
576 * @param ticket pointer where the ticket is stored
577 * @return GNUNET_OK
578 */
579int
580GNUNET_IDENTITY_PROVIDER_string_to_ticket (const char* input,
581 struct GNUNET_IDENTITY_PROVIDER_Ticket **ticket);
582
583/**
584 * Destroys a ticket
585 *
586 * @param ticket the ticket to destroy
587 */
588void
589GNUNET_IDENTITY_PROVIDER_ticket_destroy(struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket);
590
591#if 0 /* keep Emacsens' auto-indent happy */ 460#if 0 /* keep Emacsens' auto-indent happy */
592{ 461{
593#endif 462#endif
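Review bot: The forward declaration `struct GNUNET_IDENTITY_PROVIDER_Token;` kept as context at line 57 looks orphaned once this set of hunks lands: the last hunk removes `GNUNET_IDENTITY_PROVIDER_token_destroy` and `GNUNET_IDENTITY_PROVIDER_token_to_string`, and the hunk at new line 165 removes `GNUNET_IDENTITY_PROVIDER_ExchangeCallback`, which were the visible users of that type in this header. If no remaining declaration in the header or its consumers names the type, drop that line as well so the public header does not advertise a type with no API behind it; if something still uses it, a one-line comment such as `/* Token type; see identity_token.h */` (adjusted to the real location) would stop the next reader from asking the same question. Note also that the first hunk reuses the name `GNUNET_IDENTITY_PROVIDER_Ticket` for a struct with public fields where the removed declaration was an opaque handle, so code compiled against the old name now sees a different definition rather than a compile error; worth a sentence in the commit message or the struct's comment.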