author | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2017-10-09 09:32:43 +0200 |
---|---|---|
committer | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2017-10-09 09:32:43 +0200 |
commit | dc7f9d7e2bf4e9c607738500051adab58b1bd2f3 (patch) | |
tree | 62abb9b7c9e1988035936401b172042c011f4c15 /src | |
parent | be9becc6f217f93f433d3301ae10b0d05ff31096 (diff) | |
download | gnunet-dc7f9d7e2bf4e9c607738500051adab58b1bd2f3.tar.gz gnunet-dc7f9d7e2bf4e9c607738500051adab58b1bd2f3.zip |
-add REST revoke API
Diffstat (limited to 'src')
-rw-r--r-- | src/identity-provider/plugin_rest_identity_provider.c | 184 | ||||
-rwxr-xr-x | src/identity-provider/test_idp_consume.sh | 2 |
2 files changed, 172 insertions, 14 deletions
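--- a/src/identity-provider/plugin_rest_identity_provider.c
+++ b/src/identity-provider/plugin_rest_identity_provider.c
@@ -55,6 +55,11 @@
 #define GNUNET_REST_API_NS_IDENTITY_TICKETS "/idp/tickets"
 
 /**
+* Revoke namespace
+*/
+#define GNUNET_REST_API_NS_IDENTITY_REVOKE "/idp/revoke"
+
+/**
 * Attribute key
 */
 #define GNUNET_REST_JSONAPI_IDENTITY_ATTRIBUTE "attribute"
@@ -154,11 +159,6 @@ struct RequestHandle
 const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key;
 
 /**
-* Handle to the rest connection
-*/
-struct GNUNET_REST_RequestHandle *conndata_handle;
-
-/**
 * The processing state
 */
 int state;
@@ -169,6 +169,12 @@ struct RequestHandle
 struct GNUNET_IDENTITY_Handle *identity_handle;
 
 /**
+* Rest connection
+*/
+struct GNUNET_REST_RequestHandle *rest_handle;
+
+
+/**
 * IDENTITY Operation
 */
 struct GNUNET_IDENTITY_Operation *op;
@@ -187,12 +193,12 @@ struct RequestHandle
 * Attribute iterator
 */
 struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *attr_it;
 
 /**
 * Ticket iterator
 */
 struct GNUNET_IDENTITY_PROVIDER_TicketIterator *ticket_it;
 
 /**
 * Desired timeout for the lookup (default is no timeout).
 */
@@ -232,7 +238,7 @@ struct RequestHandle
 * Response object
 */
 struct GNUNET_JSONAPI_Document *resp_object;
 
 /**
 * Resource object
 */
@@ -281,6 +287,13 @@ cleanup_handle (struct RequestHandle *handle)
 GNUNET_free (handle);
 }
 
+static void
+cleanup_handle_delayed (void *cls)
+{
+cleanup_handle (cls);
+}
+
+
 /**
 * Task run on error, sends error message. Cleans up everything.
 *
@@ -546,6 +559,151 @@ list_attribute_cont (struct GNUNET_REST_RequestHandle *con_handle,
 }
 
 
+static void
+revoke_finished_cont (void *cls,
+int32_t success,
+const char *emsg)
+{
+struct RequestHandle *handle = cls;
+struct MHD_Response *resp;
+
+resp = GNUNET_REST_create_response (emsg);
+if (GNUNET_OK != success)
+{
+GNUNET_SCHEDULER_add_now (&do_error, handle);
+return;
+}
+handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
+GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
+}
+
+static void
+revoke_ticket_cont (struct GNUNET_REST_RequestHandle *con_handle,
+const char* url,
+void *cls)
+{
+const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity_priv;
+const char* identity_str;
+const char* audience_str;
+const char* rnd_str;
+
+struct RequestHandle *handle = cls;
+struct EgoEntry *ego_entry;
+struct MHD_Response *resp;
+struct GNUNET_IDENTITY_PROVIDER_Ticket ticket;
+struct GNUNET_JSONAPI_Document *json_obj;
+struct GNUNET_JSONAPI_Resource *json_res;
+struct GNUNET_CRYPTO_EcdsaPublicKey tmp_pk;
+char term_data[handle->rest_handle->data_size+1];
+json_t *rnd_json;
+json_t *identity_json;
+json_t *audience_json;
+json_t *data_json;
+json_error_t err;
+struct GNUNET_JSON_Specification docspec[] = {
+GNUNET_JSON_spec_jsonapi_document (&json_obj),
+GNUNET_JSON_spec_end()
+};
+
+if (0 >= handle->rest_handle->data_size)
+{
+GNUNET_SCHEDULER_add_now (&do_error, handle);
+return;
+}
+
+term_data[handle->rest_handle->data_size] = '\0';
+GNUNET_memcpy (term_data,
+handle->rest_handle->data,
+handle->rest_handle->data_size);
+data_json = json_loads (term_data,
+JSON_DECODE_ANY,
+&err);
+GNUNET_assert (GNUNET_OK ==
+GNUNET_JSON_parse (data_json, docspec,
+NULL, NULL));
+json_decref (data_json);
+if (NULL == json_obj)
+{
+GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+"Unable to parse JSONAPI Object from %s\n",
+term_data);
+GNUNET_SCHEDULER_add_now (&do_error, handle);
+return;
+}
+if (1 != GNUNET_JSONAPI_document_resource_count (json_obj))
+{
+GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+"Cannot create more than 1 resource! (Got %d)\n",
+GNUNET_JSONAPI_document_resource_count (json_obj));
+GNUNET_JSONAPI_document_delete (json_obj);
+GNUNET_SCHEDULER_add_now (&do_error, handle);
+return;
+}
+json_res = GNUNET_JSONAPI_document_get_resource (json_obj, 0);
+if (GNUNET_NO == GNUNET_JSONAPI_resource_check_type (json_res,
+GNUNET_REST_JSONAPI_IDENTITY_TICKET))
+{
+GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+"Unsupported JSON data type\n");
+GNUNET_JSONAPI_document_delete (json_obj);
+resp = GNUNET_REST_create_response (NULL);
+handle->proc (handle->proc_cls, resp, MHD_HTTP_CONFLICT);
+cleanup_handle (handle);
+return;
+}
+rnd_json = GNUNET_JSONAPI_resource_read_attr (json_res,
+"rnd");
+identity_json = GNUNET_JSONAPI_resource_read_attr (json_res,
+"identity");
+audience_json = GNUNET_JSONAPI_resource_read_attr (json_res,
+"audience");
+rnd_str = json_string_value (rnd_json);
+identity_str = json_string_value (identity_json);
+audience_str = json_string_value (audience_json);
+
+GNUNET_STRINGS_string_to_data (rnd_str,
+strlen (rnd_str),
+&ticket.rnd,
+sizeof (uint64_t));
+GNUNET_STRINGS_string_to_data (identity_str,
+strlen (identity_str),
+&ticket.identity,
+sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
+GNUNET_STRINGS_string_to_data (audience_str,
+strlen (audience_str),
+&ticket.audience,
+sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
+
+for (ego_entry = handle->ego_head;
+NULL != ego_entry;
+ego_entry = ego_entry->next)
+{
+GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego,
+&tmp_pk);
+if (0 == memcmp (&ticket.identity,
+&tmp_pk,
+sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)))
+break;
+}
+if (NULL == ego_entry)
+{
+GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+"Identity unknown (%s)\n", identity_str);
+GNUNET_JSONAPI_document_delete (json_obj);
+return;
+}
+identity_priv = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego);
+
+handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg);
+handle->idp_op = GNUNET_IDENTITY_PROVIDER_ticket_revoke (handle->idp,
+identity_priv,
+&ticket,
+&revoke_finished_cont,
+handle);
+GNUNET_JSONAPI_document_delete (json_obj);
+}
+
+
 /**
 * Respond to OPTIONS request
 *
@@ -583,12 +741,13 @@ init_cont (struct RequestHandle *handle)
 static const struct GNUNET_REST_RequestHandler handlers[] = {
 {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES, &list_attribute_cont},
 {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_TICKETS, &list_tickets_cont},
+{MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_REVOKE, &revoke_ticket_cont},
 {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_IDENTITY_PROVIDER,
 &options_cont},
 GNUNET_REST_HANDLER_END
 };
 
-if (GNUNET_NO == GNUNET_REST_handle_request (handle->conndata_handle,
+if (GNUNET_NO == GNUNET_REST_handle_request (handle->rest_handle,
 handlers,
 &err,
 handle))
@@ -671,7 +830,7 @@ list_ego (void *cls,
 * @return GNUNET_OK if request accepted
 */
 static void
-rest_identity_process_request(struct GNUNET_REST_RequestHandle *conndata_handle,
+rest_identity_process_request(struct GNUNET_REST_RequestHandle *rest_handle,
 GNUNET_REST_ResultProcessor proc,
 void *proc_cls)
 {
@@ -681,10 +840,9 @@ rest_identity_process_request(struct GNUNET_REST_RequestHandle *conndata_handle,
 handle->proc_cls = proc_cls;
 handle->proc = proc;
 handle->state = ID_REST_STATE_INIT;
-handle->conndata_handle = conndata_handle;
-
+handle->rest_handle = rest_handle;
 
-handle->url = GNUNET_strdup (conndata_handle->url);
+handle->url = GNUNET_strdup (rest_handle->url);
 if (handle->url[strlen (handle->url)-1] == '/')
 handle->url[strlen (handle->url)-1] = '\0';
 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,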
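Review bot: The `GNUNET_assert` around `GNUNET_JSON_parse` in revoke_ticket_cont turns the client-supplied request body into an abort path: `json_loads` returns NULL for a body that is not valid JSON, a body that is valid JSON but not a JSONAPI document fails `GNUNET_JSON_parse`, and in either case the assertion terminates the whole REST plugin process instead of answering with an error. The same function also trusts the decoded attributes too far: `json_string_value` yields NULL when `rnd`, `identity` or `audience` is missing or not a string, so `strlen (rnd_str)` dereferences NULL, and the three `GNUNET_STRINGS_string_to_data` return values are ignored, so a short or malformed value leaves part of `ticket` uninitialized before it is handed to `GNUNET_IDENTITY_PROVIDER_ticket_revoke`. The "Identity unknown" branch returns without scheduling `do_error` or invoking `handle->proc`, so that request is never answered and `handle` is never released, and in revoke_finished_cont `resp` is created before `success` is checked and is not destroyed on the error branch. The parse step should become an ordinary error path as below; the attribute checks are a matter of `if ((NULL == rnd_str) || (NULL == identity_str) || (NULL == audience_str))` feeding the same `do_error` path after `GNUNET_JSONAPI_document_delete (json_obj)`, and the unknown-identity branch should do likewise.
```c
data_json = json_loads (term_data,
                        JSON_DECODE_ANY,
                        &err);
if ( (NULL == data_json) ||
     (GNUNET_OK != GNUNET_JSON_parse (data_json, docspec,
                                      NULL, NULL)) )
{
  GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
              "Unable to parse JSON request body\n");
  json_decref (data_json);
  GNUNET_SCHEDULER_add_now (&do_error, handle);
  return;
}
json_decref (data_json);
/* … unchanged: json_obj NULL check, resource count and type checks … */
```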
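--- a/src/identity-provider/test_idp_consume.sh
+++ b/src/identity-provider/test_idp_consume.sh
@@ -35,4 +35,4 @@ TICKET=$(gnunet-idp -e testego -i "email,name" -r $SUBJECT_KEY -c test_idp.conf
 echo "Consuming ticket $TICKET"
 gnunet-idp -e rpego -C $TICKET -c test_idp.conf
 curl http://localhost:7776/idp/tickets/testego
-gnunet-arm -e -c test_idp.conf
+#gnunet-arm -e -c test_idp.conf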