aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/credential/Makefile.am5
-rw-r--r--src/credential/credential.h76
-rw-r--r--src/credential/credential_api.c48
-rw-r--r--src/credential/credential_serialization.c159
-rw-r--r--src/credential/credential_serialization.h20
-rw-r--r--src/credential/gnunet-credential.c21
-rw-r--r--src/credential/gnunet-service-credential.c150
-rw-r--r--src/credential/plugin_gnsrecord_credential.c115
-rw-r--r--src/credential/plugin_rest_credential.c258
-rwxr-xr-xsrc/credential/test_credential_issue.sh4
-rw-r--r--src/credential/test_credential_lookup.conf2
-rwxr-xr-xsrc/credential/test_credential_verify_simple.sh2
-rw-r--r--src/identity-provider/identity_provider_api.c12
-rw-r--r--src/identity/plugin_rest_identity.c3
-rw-r--r--src/include/gnunet_credential_service.h111
-rw-r--r--src/jsonapi/jsonapi_document.c32
16 files changed, 600 insertions, 418 deletions
diff --git a/src/credential/Makefile.am b/src/credential/Makefile.am
index 5f3b60270..0d9aed71b 100644
--- a/src/credential/Makefile.am
+++ b/src/credential/Makefile.am
@@ -74,8 +74,9 @@ gnunet_service_credential_LDADD = \
74 74
75 75
76libgnunetcredential_la_SOURCES = \ 76libgnunetcredential_la_SOURCES = \
77 credential_api.c credential.h \ 77 credential_api.c \
78 credential_serialization.c 78 credential_serialization.c \
79 credential_misc.c
79libgnunetcredential_la_LIBADD = \ 80libgnunetcredential_la_LIBADD = \
80 $(top_builddir)/src/util/libgnunetutil.la $(XLIB) 81 $(top_builddir)/src/util/libgnunetutil.la $(XLIB)
81libgnunetcredential_la_LDFLAGS = \ 82libgnunetcredential_la_LDFLAGS = \
diff --git a/src/credential/credential.h b/src/credential/credential.h
index 3ba8e9c9e..c5c0183cc 100644
--- a/src/credential/credential.h
+++ b/src/credential/credential.h
@@ -103,6 +103,82 @@ struct VerifyResultMessage
103 103
104}; 104};
105 105
106struct DelegationRecordData
107{
108 /**
109 * Subject key
110 */
111 struct GNUNET_CRYPTO_EcdsaPublicKey subject_key;
112
113 /**
114 * Subject attributes
115 */
116 uint32_t subject_attribute_len GNUNET_PACKED;
117};
118
119
120struct ChainEntry
121{
122 /**
123 * Issuer key
124 */
125 struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key;
126
127 /**
128 * Subject key
129 */
130 struct GNUNET_CRYPTO_EcdsaPublicKey subject_key;
131
132 /**
133 * Issuer attributes
134 */
135 uint32_t issuer_attribute_len GNUNET_PACKED;
136
137 /**
138 * Subject attributes
139 */
140 uint32_t subject_attribute_len GNUNET_PACKED;
141};
142
143
144struct CredentialEntry
145{
146
147 /**
148 * The signature for this credential by the issuer
149 */
150 struct GNUNET_CRYPTO_EcdsaSignature signature;
151
152 /**
153 * Signature meta
154 */
155 struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
156
157 /**
158 * Public key of the issuer
159 */
160 struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key;
161
162 /**
163 * Public key of the subject this credential was issued to
164 */
165 struct GNUNET_CRYPTO_EcdsaPublicKey subject_key;
166
167 /**
168 * Expiration time of this credential
169 */
170 uint64_t expiration GNUNET_PACKED;
171
172 /**
173 * Issuer attribute length
174 */
175 uint32_t issuer_attribute_len;
176
177 /**
178 * Followed by the attribute string
179 */
180};
181
106 182
107GNUNET_NETWORK_STRUCT_END 183GNUNET_NETWORK_STRUCT_END
108 184
diff --git a/src/credential/credential_api.c b/src/credential/credential_api.c
index d9e01c1d3..e991b4153 100644
--- a/src/credential/credential_api.c
+++ b/src/credential/credential_api.c
@@ -430,52 +430,4 @@ GNUNET_CREDENTIAL_verify (struct GNUNET_CREDENTIAL_Handle *handle,
430 return vr; 430 return vr;
431} 431}
432 432
433/**
434 * Issue an attribute to a subject
435 *
436 * @param handle handle to the Credential service
437 * @param issuer the ego that should be used to issue the attribute
438 * @param subject the subject of the attribute
439 * @param attribute the name of the attribute
440 * @return handle to the queued request
441 */
442struct GNUNET_CREDENTIAL_CredentialRecordData *
443GNUNET_CREDENTIAL_issue (struct GNUNET_CREDENTIAL_Handle *handle,
444 const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
445 struct GNUNET_CRYPTO_EcdsaPublicKey *subject,
446 const char *attribute,
447 struct GNUNET_TIME_Absolute *expiration)
448{
449 struct GNUNET_CREDENTIAL_CredentialRecordData *crd;
450
451 crd = GNUNET_malloc (sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData) + strlen (attribute) + 1);
452
453 crd->purpose.size = htonl (strlen (attribute) + 1 +
454 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey) +
455 sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
456 sizeof (uint64_t));
457
458 crd->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL);
459 GNUNET_CRYPTO_ecdsa_key_get_public (issuer,
460 &crd->issuer_key);
461 crd->subject_key = *subject;
462 crd->expiration = GNUNET_htonll (expiration->abs_value_us);
463 GNUNET_memcpy (&crd[1],
464 attribute,
465 strlen (attribute));
466 if (GNUNET_OK !=
467 GNUNET_CRYPTO_ecdsa_sign (issuer,
468 &crd->purpose,
469 &crd->signature))
470 {
471 GNUNET_break (0);
472 GNUNET_free (crd);
473 return NULL;
474 }
475 return crd;
476}
477
478
479
480
481/* end of credential_api.c */ 433/* end of credential_api.c */
diff --git a/src/credential/credential_serialization.c b/src/credential/credential_serialization.c
index b08920d96..0586e6baa 100644
--- a/src/credential/credential_serialization.c
+++ b/src/credential/credential_serialization.c
@@ -29,48 +29,8 @@
29#include "gnunet_util_lib.h" 29#include "gnunet_util_lib.h"
30#include "gnunet_constants.h" 30#include "gnunet_constants.h"
31#include "gnunet_credential_service.h" 31#include "gnunet_credential_service.h"
32 32#include "gnunet_signatures.h"
33GNUNET_NETWORK_STRUCT_BEGIN 33#include "credential.h"
34
35struct DelegationRecordData
36{
37 /**
38 * Subject key
39 */
40 struct GNUNET_CRYPTO_EcdsaPublicKey subject_key;
41
42 /**
43 * Subject attributes
44 */
45 uint32_t subject_attribute_len GNUNET_PACKED;
46};
47
48
49struct ChainEntry
50{
51 /**
52 * Issuer key
53 */
54 struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key;
55
56 /**
57 * Subject key
58 */
59 struct GNUNET_CRYPTO_EcdsaPublicKey subject_key;
60
61 /**
62 * Issuer attributes
63 */
64 uint32_t issuer_attribute_len GNUNET_PACKED;
65
66 /**
67 * Subject attributes
68 */
69 uint32_t subject_attribute_len GNUNET_PACKED;
70};
71
72GNUNET_NETWORK_STRUCT_END
73
74 34
75/** 35/**
76 * Calculate how many bytes we will need to serialize 36 * Calculate how many bytes we will need to serialize
@@ -83,7 +43,7 @@ GNUNET_NETWORK_STRUCT_END
83 */ 43 */
84size_t 44size_t
85GNUNET_CREDENTIAL_delegation_set_get_size (unsigned int ds_count, 45GNUNET_CREDENTIAL_delegation_set_get_size (unsigned int ds_count,
86 const struct GNUNET_CREDENTIAL_DelegationSetRecord *dsr) 46 const struct GNUNET_CREDENTIAL_DelegationSet *dsr)
87{ 47{
88 unsigned int i; 48 unsigned int i;
89 size_t ret; 49 size_t ret;
@@ -110,7 +70,7 @@ GNUNET_CREDENTIAL_delegation_set_get_size (unsigned int ds_count,
110 */ 70 */
111ssize_t 71ssize_t
112GNUNET_CREDENTIAL_delegation_set_serialize (unsigned int d_count, 72GNUNET_CREDENTIAL_delegation_set_serialize (unsigned int d_count,
113 const struct GNUNET_CREDENTIAL_DelegationSetRecord *dsr, 73 const struct GNUNET_CREDENTIAL_DelegationSet *dsr,
114 size_t dest_size, 74 size_t dest_size,
115 char *dest) 75 char *dest)
116{ 76{
@@ -156,7 +116,7 @@ int
156GNUNET_CREDENTIAL_delegation_set_deserialize (size_t len, 116GNUNET_CREDENTIAL_delegation_set_deserialize (size_t len,
157 const char *src, 117 const char *src,
158 unsigned int d_count, 118 unsigned int d_count,
159 struct GNUNET_CREDENTIAL_DelegationSetRecord *dsr) 119 struct GNUNET_CREDENTIAL_DelegationSet *dsr)
160{ 120{
161 struct DelegationRecordData rec; 121 struct DelegationRecordData rec;
162 unsigned int i; 122 unsigned int i;
@@ -173,7 +133,7 @@ GNUNET_CREDENTIAL_delegation_set_deserialize (size_t len,
173 dsr[i].subject_attribute_len = ntohl ((uint32_t) rec.subject_attribute_len); 133 dsr[i].subject_attribute_len = ntohl ((uint32_t) rec.subject_attribute_len);
174 if (off + dsr[i].subject_attribute_len > len) 134 if (off + dsr[i].subject_attribute_len > len)
175 return GNUNET_SYSERR; 135 return GNUNET_SYSERR;
176 dsr[i].subject_attribute = &src[off]; 136 dsr[i].subject_attribute = (char*)&src[off];
177 off += dsr[i].subject_attribute_len; 137 off += dsr[i].subject_attribute_len;
178 } 138 }
179 return GNUNET_OK; 139 return GNUNET_OK;
@@ -198,7 +158,7 @@ GNUNET_CREDENTIAL_delegation_chain_get_size (unsigned int d_count,
198 size_t ret; 158 size_t ret;
199 159
200 ret = sizeof (struct ChainEntry) * (d_count); 160 ret = sizeof (struct ChainEntry) * (d_count);
201 ret += sizeof (struct ChainEntry) * (c_count); 161 ret += sizeof (struct CredentialEntry) * (c_count);
202 162
203 for (i=0; i<d_count;i++) 163 for (i=0; i<d_count;i++)
204 { 164 {
@@ -235,6 +195,7 @@ GNUNET_CREDENTIAL_delegation_chain_serialize (unsigned int d_count,
235 char *dest) 195 char *dest)
236{ 196{
237 struct ChainEntry rec; 197 struct ChainEntry rec;
198 struct CredentialEntry c_rec;
238 unsigned int i; 199 unsigned int i;
239 size_t off; 200 size_t off;
240 201
@@ -268,16 +229,19 @@ GNUNET_CREDENTIAL_delegation_chain_serialize (unsigned int d_count,
268 } 229 }
269 for (i=0;i<c_count;i++) 230 for (i=0;i<c_count;i++)
270 { 231 {
271 rec.issuer_attribute_len = htonl ((uint32_t) cd[i].issuer_attribute_len); 232 c_rec.issuer_attribute_len = htonl ((uint32_t) cd[i].issuer_attribute_len);
272 rec.subject_attribute_len = htonl (0); 233 c_rec.issuer_key = cd[i].issuer_key;
273 rec.issuer_key = cd[i].issuer_key; 234 c_rec.subject_key = cd[i].subject_key;
274 rec.subject_key = cd[i].subject_key; 235 c_rec.signature = cd[i].signature;
275 if (off + sizeof (rec) > dest_size) 236 c_rec.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL);
237 c_rec.purpose.size = htonl ((sizeof (struct CredentialEntry) + cd[i].issuer_attribute_len) - sizeof (struct GNUNET_CRYPTO_EcdsaSignature));
238 c_rec.expiration = htonl ((uint32_t) cd[i].expiration.abs_value_us);
239 if (off + sizeof (c_rec) > dest_size)
276 return -1; 240 return -1;
277 GNUNET_memcpy (&dest[off], 241 GNUNET_memcpy (&dest[off],
278 &rec, 242 &c_rec,
279 sizeof (rec)); 243 sizeof (c_rec));
280 off += sizeof (rec); 244 off += sizeof (c_rec);
281 if (off + cd[i].issuer_attribute_len > dest_size) 245 if (off + cd[i].issuer_attribute_len > dest_size)
282 return -1; 246 return -1;
283 GNUNET_memcpy (&dest[off], 247 GNUNET_memcpy (&dest[off],
@@ -310,6 +274,7 @@ GNUNET_CREDENTIAL_delegation_chain_deserialize (size_t len,
310 struct GNUNET_CREDENTIAL_Credential *cd) 274 struct GNUNET_CREDENTIAL_Credential *cd)
311{ 275{
312 struct ChainEntry rec; 276 struct ChainEntry rec;
277 struct CredentialEntry c_rec;
313 unsigned int i; 278 unsigned int i;
314 size_t off; 279 size_t off;
315 280
@@ -335,13 +300,15 @@ GNUNET_CREDENTIAL_delegation_chain_deserialize (size_t len,
335 } 300 }
336 for (i=0;i<c_count;i++) 301 for (i=0;i<c_count;i++)
337 { 302 {
338 if (off + sizeof (rec) > len) 303 if (off + sizeof (c_rec) > len)
339 return GNUNET_SYSERR; 304 return GNUNET_SYSERR;
340 GNUNET_memcpy (&rec, &src[off], sizeof (rec)); 305 GNUNET_memcpy (&c_rec, &src[off], sizeof (c_rec));
341 cd[i].issuer_attribute_len = ntohl ((uint32_t) rec.issuer_attribute_len); 306 cd[i].issuer_attribute_len = ntohl ((uint32_t) c_rec.issuer_attribute_len);
342 cd[i].issuer_key = rec.issuer_key; 307 cd[i].issuer_key = c_rec.issuer_key;
343 cd[i].subject_key = rec.subject_key; 308 cd[i].subject_key = c_rec.subject_key;
344 off += sizeof (rec); 309 cd[i].signature = c_rec.signature;
310 cd[i].expiration.abs_value_us = ntohl((uint32_t) c_rec.expiration);
311 off += sizeof (c_rec);
345 if (off + cd[i].issuer_attribute_len > len) 312 if (off + cd[i].issuer_attribute_len > len)
346 return GNUNET_SYSERR; 313 return GNUNET_SYSERR;
347 cd[i].issuer_attribute = &src[off]; 314 cd[i].issuer_attribute = &src[off];
@@ -350,4 +317,74 @@ GNUNET_CREDENTIAL_delegation_chain_deserialize (size_t len,
350 return GNUNET_OK; 317 return GNUNET_OK;
351} 318}
352 319
320
321int
322GNUNET_CREDENTIAL_credential_serialize (struct GNUNET_CREDENTIAL_Credential *cred,
323 char **data)
324{
325 size_t size;
326 struct CredentialEntry *cdata;
327
328 size = sizeof (struct CredentialEntry) + strlen (cred->issuer_attribute) + 1;
329 *data = GNUNET_malloc (size);
330 cdata = (struct CredentialEntry*)*data;
331 cdata->subject_key = cred->subject_key;
332 cdata->issuer_key = cred->issuer_key;
333 cdata->expiration = GNUNET_htonll (cred->expiration.abs_value_us);
334 cdata->signature = cred->signature;
335 cdata->issuer_attribute_len = htonl (strlen (cred->issuer_attribute) + 1);
336 cdata->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL);
337 cdata->purpose.size = htonl (size - sizeof (struct GNUNET_CRYPTO_EcdsaSignature));
338 GNUNET_memcpy (&cdata[1],
339 cred->issuer_attribute,
340 strlen (cred->issuer_attribute));
341
342 if(GNUNET_OK != GNUNET_CRYPTO_ecdsa_verify(GNUNET_SIGNATURE_PURPOSE_CREDENTIAL,
343 &cdata->purpose,
344 &cdata->signature,
345 &cdata->issuer_key))
346 {
347 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
348 "Invalid credential\n");
349 //return NULL;
350 }
351 return size;
352}
353
354struct GNUNET_CREDENTIAL_Credential*
355GNUNET_CREDENTIAL_credential_deserialize (const char* data,
356 size_t data_size)
357{
358 struct GNUNET_CREDENTIAL_Credential *cred;
359 struct CredentialEntry *cdata;
360 char *issuer_attribute;
361
362 if (data_size < sizeof (struct CredentialEntry))
363 return NULL;
364 cdata = (struct CredentialEntry*)data;
365 if(GNUNET_OK != GNUNET_CRYPTO_ecdsa_verify(GNUNET_SIGNATURE_PURPOSE_CREDENTIAL,
366 &cdata->purpose,
367 &cdata->signature,
368 &cdata->issuer_key))
369 {
370 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
371 "Invalid credential\n");
372 //return NULL;
373 }
374 issuer_attribute = (char*)&cdata[1];
375
376 cred = GNUNET_malloc (sizeof (struct GNUNET_CREDENTIAL_Credential) + ntohl(cdata->issuer_attribute_len));
377
378 cred->issuer_key = cdata->issuer_key;
379 cred->subject_key = cdata->subject_key;
380 GNUNET_memcpy (&cred[1],
381 issuer_attribute,
382 ntohl (cdata->issuer_attribute_len));
383 cred->signature = cdata->signature;
384 cred->issuer_attribute = (char*)&cred[1];
385 cred->expiration.abs_value_us = GNUNET_ntohll (cdata->expiration);
386 return cred;
387}
388
389
353/* end of credential_serialization.c */ 390/* end of credential_serialization.c */
diff --git a/src/credential/credential_serialization.h b/src/credential/credential_serialization.h
index 39ac0103b..eb1327f34 100644
--- a/src/credential/credential_serialization.h
+++ b/src/credential/credential_serialization.h
@@ -25,6 +25,9 @@
25 * and credentials 25 * and credentials
26 * @author Martin Schanzenbach 26 * @author Martin Schanzenbach
27 */ 27 */
28#ifndef CREDENTIAL_SERIALIZATION_H
29#define CREDENTIAL_SERIALIZATION_H
30
28#include "platform.h" 31#include "platform.h"
29#include "gnunet_util_lib.h" 32#include "gnunet_util_lib.h"
30#include "gnunet_constants.h" 33#include "gnunet_constants.h"
@@ -40,7 +43,7 @@
40 */ 43 */
41size_t 44size_t
42GNUNET_CREDENTIAL_delegation_set_get_size (unsigned int ds_count, 45GNUNET_CREDENTIAL_delegation_set_get_size (unsigned int ds_count,
43 const struct GNUNET_CREDENTIAL_DelegationSetRecord *dsr); 46 const struct GNUNET_CREDENTIAL_DelegationSet *dsr);
44 47
45/** 48/**
46 * Serizalize the given delegation record entries 49 * Serizalize the given delegation record entries
@@ -53,7 +56,7 @@ GNUNET_CREDENTIAL_delegation_set_get_size (unsigned int ds_count,
53 */ 56 */
54ssize_t 57ssize_t
55GNUNET_CREDENTIAL_delegation_set_serialize (unsigned int d_count, 58GNUNET_CREDENTIAL_delegation_set_serialize (unsigned int d_count,
56 const struct GNUNET_CREDENTIAL_DelegationSetRecord *dsr, 59 const struct GNUNET_CREDENTIAL_DelegationSet *dsr,
57 size_t dest_size, 60 size_t dest_size,
58 char *dest); 61 char *dest);
59 62
@@ -71,7 +74,7 @@ int
71GNUNET_CREDENTIAL_delegation_set_deserialize (size_t len, 74GNUNET_CREDENTIAL_delegation_set_deserialize (size_t len,
72 const char *src, 75 const char *src,
73 unsigned int d_count, 76 unsigned int d_count,
74 struct GNUNET_CREDENTIAL_DelegationSetRecord *dsr); 77 struct GNUNET_CREDENTIAL_DelegationSet *dsr);
75 78
76 /** 79 /**
77 * Calculate how many bytes we will need to serialize 80 * Calculate how many bytes we will need to serialize
@@ -127,4 +130,13 @@ GNUNET_CREDENTIAL_delegation_set_deserialize (size_t len,
127 struct GNUNET_CREDENTIAL_Delegation *dd, 130 struct GNUNET_CREDENTIAL_Delegation *dd,
128 unsigned int c_count, 131 unsigned int c_count,
129 struct GNUNET_CREDENTIAL_Credential *cd); 132 struct GNUNET_CREDENTIAL_Credential *cd);
130 /* end of credential_serialization.h */ 133
134int
135GNUNET_CREDENTIAL_credential_serialize (struct GNUNET_CREDENTIAL_Credential *cred,
136 char **data);
137
138struct GNUNET_CREDENTIAL_Credential*
139GNUNET_CREDENTIAL_credential_deserialize (const char* data,
140 size_t data_size);
141#endif
142/* end of credential_serialization.h */
diff --git a/src/credential/gnunet-credential.c b/src/credential/gnunet-credential.c
index a743458d5..b31c2f66e 100644
--- a/src/credential/gnunet-credential.c
+++ b/src/credential/gnunet-credential.c
@@ -26,6 +26,8 @@
26#include <gnunet_util_lib.h> 26#include <gnunet_util_lib.h>
27#include <gnunet_credential_service.h> 27#include <gnunet_credential_service.h>
28#include <gnunet_gnsrecord_lib.h> 28#include <gnunet_gnsrecord_lib.h>
29#include "credential_misc.h"
30#include "credential_serialization.h"
29 31
30/** 32/**
31 * Configuration we are using. 33 * Configuration we are using.
@@ -220,7 +222,7 @@ identity_cb (void *cls,
220 const struct GNUNET_IDENTITY_Ego *ego) 222 const struct GNUNET_IDENTITY_Ego *ego)
221{ 223{
222 const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey; 224 const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey;
223 struct GNUNET_CREDENTIAL_CredentialRecordData *crd; 225 struct GNUNET_CREDENTIAL_Credential *crd;
224 struct GNUNET_TIME_Absolute etime_abs; 226 struct GNUNET_TIME_Absolute etime_abs;
225 struct GNUNET_TIME_Relative etime_rel; 227 struct GNUNET_TIME_Relative etime_rel;
226 char *res; 228 char *res;
@@ -261,14 +263,13 @@ identity_cb (void *cls,
261 privkey = GNUNET_IDENTITY_ego_get_private_key (ego); 263 privkey = GNUNET_IDENTITY_ego_get_private_key (ego);
262 GNUNET_free_non_null (issuer_ego_name); 264 GNUNET_free_non_null (issuer_ego_name);
263 issuer_ego_name = NULL; 265 issuer_ego_name = NULL;
264 crd = GNUNET_CREDENTIAL_issue (credential, 266 crd = GNUNET_CREDENTIAL_credential_issue (privkey,
265 privkey, 267 &subject_pkey,
266 &subject_pkey, 268 issuer_attr,
267 issuer_attr, 269 &etime_abs);
268 &etime_abs); 270
269 res = GNUNET_GNSRECORD_value_to_string (GNUNET_GNSRECORD_TYPE_CREDENTIAL, 271 res = GNUNET_CREDENTIAL_credential_to_string (crd);
270 crd, 272 GNUNET_free (crd);
271 sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData) + strlen (issuer_attr) + 1);
272 printf ("%s\n", res); 273 printf ("%s\n", res);
273 GNUNET_SCHEDULER_shutdown (); 274 GNUNET_SCHEDULER_shutdown ();
274} 275}
@@ -354,7 +355,7 @@ run (void *cls,
354 _("You must provide issuer and subject attributes\n")); 355 _("You must provide issuer and subject attributes\n"));
355 GNUNET_SCHEDULER_shutdown (); 356 GNUNET_SCHEDULER_shutdown ();
356 } 357 }
357 358
358 printf ("Trying to find a chain from a credential under %s of %s to the attribute %s issued by %s\n", 359 printf ("Trying to find a chain from a credential under %s of %s to the attribute %s issued by %s\n",
359 subject_credential, subject_key, issuer_attr, issuer_key); 360 subject_credential, subject_key, issuer_attr, issuer_key);
360 361
diff --git a/src/credential/gnunet-service-credential.c b/src/credential/gnunet-service-credential.c
index 2b3eb8b4c..55907e0d7 100644
--- a/src/credential/gnunet-service-credential.c
+++ b/src/credential/gnunet-service-credential.c
@@ -46,7 +46,7 @@
46 46
47struct VerifyRequestHandle; 47struct VerifyRequestHandle;
48 48
49struct DelegationSetEntry; 49struct DelegationSetQueueEntry;
50 50
51 51
52struct DelegationChainEntry 52struct DelegationChainEntry
@@ -101,12 +101,7 @@ struct CredentialRecordEntry
101 /** 101 /**
102 * Payload 102 * Payload
103 */ 103 */
104 struct GNUNET_CREDENTIAL_CredentialRecordData *data; 104 struct GNUNET_CREDENTIAL_Credential *credential;
105
106 /**
107 * Size
108 */
109 uint64_t data_size;
110}; 105};
111 106
112/** 107/**
@@ -128,17 +123,17 @@ struct DelegationQueueEntry
128 /** 123 /**
129 * Sets under this Queue 124 * Sets under this Queue
130 */ 125 */
131 struct DelegationSetEntry *set_entries_head; 126 struct DelegationSetQueueEntry *set_entries_head;
132 127
133 /** 128 /**
134 * Sets under this Queue 129 * Sets under this Queue
135 */ 130 */
136 struct DelegationSetEntry *set_entries_tail; 131 struct DelegationSetQueueEntry *set_entries_tail;
137 132
138 /** 133 /**
139 * Parent set 134 * Parent set
140 */ 135 */
141 struct DelegationSetEntry *parent_set; 136 struct DelegationSetQueueEntry *parent_set;
142 137
143 /** 138 /**
144 * Required solutions 139 * Required solutions
@@ -150,17 +145,17 @@ struct DelegationQueueEntry
150 * DLL for delegation sets 145 * DLL for delegation sets
151 * Used for AND delegation set 146 * Used for AND delegation set
152 */ 147 */
153struct DelegationSetEntry 148struct DelegationSetQueueEntry
154{ 149{
155 /** 150 /**
156 * DLL 151 * DLL
157 */ 152 */
158 struct DelegationSetEntry *next; 153 struct DelegationSetQueueEntry *next;
159 154
160 /** 155 /**
161 * DLL 156 * DLL
162 */ 157 */
163 struct DelegationSetEntry *prev; 158 struct DelegationSetQueueEntry *prev;
164 159
165 /** 160 /**
166 * GNS handle 161 * GNS handle
@@ -299,7 +294,7 @@ struct VerifyRequestHandle
299 /** 294 /**
300 * Root Delegation Set 295 * Root Delegation Set
301 */ 296 */
302 struct DelegationSetEntry *root_set; 297 struct DelegationSetQueueEntry *root_set;
303 298
304 /** 299 /**
305 * Current Delegation Pointer 300 * Current Delegation Pointer
@@ -307,16 +302,6 @@ struct VerifyRequestHandle
307 struct DelegationQueueEntry *current_delegation; 302 struct DelegationQueueEntry *current_delegation;
308 303
309 /** 304 /**
310 * The found credential
311 */
312 struct GNUNET_CREDENTIAL_CredentialRecordData *credential;
313
314 /**
315 * Length of the credential
316 */
317 uint32_t credential_size;
318
319 /**
320 * request id 305 * request id
321 */ 306 */
322 uint32_t request_id; 307 uint32_t request_id;
@@ -351,10 +336,10 @@ static struct GNUNET_GNS_Handle *gns;
351 336
352 337
353static void 338static void
354cleanup_delegation_set (struct DelegationSetEntry *ds_entry) 339cleanup_delegation_set (struct DelegationSetQueueEntry *ds_entry)
355{ 340{
356 struct DelegationQueueEntry *dq_entry; 341 struct DelegationQueueEntry *dq_entry;
357 struct DelegationSetEntry *child; 342 struct DelegationSetQueueEntry *child;
358 343
359 if (NULL == ds_entry) 344 if (NULL == ds_entry)
360 return; 345 return;
@@ -414,8 +399,6 @@ cleanup_handle (struct VerifyRequestHandle *vrh)
414 GNUNET_GNS_lookup_cancel (vrh->lookup_request); 399 GNUNET_GNS_lookup_cancel (vrh->lookup_request);
415 vrh->lookup_request = NULL; 400 vrh->lookup_request = NULL;
416 } 401 }
417 if (NULL != vrh->credential)
418 GNUNET_free (vrh->credential);
419 cleanup_delegation_set (vrh->root_set); 402 cleanup_delegation_set (vrh->root_set);
420 if (NULL != vrh->issuer_attribute) 403 if (NULL != vrh->issuer_attribute)
421 GNUNET_free (vrh->issuer_attribute); 404 GNUNET_free (vrh->issuer_attribute);
@@ -426,8 +409,8 @@ cleanup_handle (struct VerifyRequestHandle *vrh)
426 GNUNET_CONTAINER_DLL_remove (vrh->cred_chain_head, 409 GNUNET_CONTAINER_DLL_remove (vrh->cred_chain_head,
427 vrh->cred_chain_tail, 410 vrh->cred_chain_tail,
428 cr_entry); 411 cr_entry);
429 if (NULL != cr_entry->data) 412 if (NULL != cr_entry->credential);
430 GNUNET_free (cr_entry->data); 413 GNUNET_free (cr_entry->credential);
431 GNUNET_free (cr_entry); 414 GNUNET_free (cr_entry);
432 } 415 }
433 GNUNET_free (vrh); 416 GNUNET_free (vrh);
@@ -518,48 +501,45 @@ send_lookup_response (struct VerifyRequestHandle *vrh)
518 struct GNUNET_MQ_Envelope *env; 501 struct GNUNET_MQ_Envelope *env;
519 struct VerifyResultMessage *rmsg; 502 struct VerifyResultMessage *rmsg;
520 struct DelegationChainEntry *dce; 503 struct DelegationChainEntry *dce;
521 size_t size = vrh->credential_size;
522 struct GNUNET_CREDENTIAL_Delegation dd[vrh->delegation_chain_size]; 504 struct GNUNET_CREDENTIAL_Delegation dd[vrh->delegation_chain_size];
523 struct GNUNET_CREDENTIAL_Credential cred[vrh->cred_chain_size]; 505 struct GNUNET_CREDENTIAL_Credential cred[vrh->cred_chain_size];
524 struct GNUNET_CREDENTIAL_CredentialRecordData *crd;
525 struct CredentialRecordEntry *cd; 506 struct CredentialRecordEntry *cd;
507 size_t size;
526 int i; 508 int i;
527 509
528 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 510 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
529 "Sending response\n"); 511 "Sending response\n");
530 i = 0; 512 dce = vrh->delegation_chain_head;
531 for (dce = vrh->delegation_chain_head; 513 for (i=0;i<vrh->delegation_chain_size;i++)
532 NULL != dce;
533 dce = dce->next)
534 { 514 {
535 dd[i].issuer_key = dce->issuer_key; 515 dd[i].issuer_key = dce->issuer_key;
536 dd[i].subject_key = dce->subject_key; 516 dd[i].subject_key = dce->subject_key;
537 dd[i].issuer_attribute = dce->issuer_attribute; 517 dd[i].issuer_attribute = dce->issuer_attribute;
538 dd[i].issuer_attribute_len = strlen (dce->issuer_attribute)+1; 518 dd[i].issuer_attribute_len = strlen (dce->issuer_attribute)+1;
539 dd[i].subject_attribute_len = 0; 519 dd[i].subject_attribute_len = 0;
520 dd[i].subject_attribute = NULL;
540 if (NULL != dce->subject_attribute) 521 if (NULL != dce->subject_attribute)
541 { 522 {
542 dd[i].subject_attribute = dce->subject_attribute; 523 dd[i].subject_attribute = dce->subject_attribute;
543 dd[i].subject_attribute_len = strlen(dce->subject_attribute)+1; 524 dd[i].subject_attribute_len = strlen(dce->subject_attribute)+1;
544 } 525 }
545 i++; 526 dce = dce->next;
546 } 527 }
547 528
548 /** 529 /**
549 * Get serialized record data 530 * Get serialized record data
550 * Append at the end of rmsg 531 * Append at the end of rmsg
551 */ 532 */
552 i = 0; 533 cd = vrh->cred_chain_head;
553 for (cd = vrh->cred_chain_head; 534 for (i=0;i<vrh->cred_chain_size;i++)
554 NULL != cd;
555 cd = cd->next)
556 { 535 {
557 crd = cd->data; 536 cred[i].issuer_key = cd->credential->issuer_key;
558 cred[i].issuer_key = crd->issuer_key; 537 cred[i].subject_key = cd->credential->subject_key;
559 cred[i].subject_key = crd->subject_key; 538 cred[i].issuer_attribute_len = strlen(cd->credential->issuer_attribute)+1;
560 cred[i].issuer_attribute_len = strlen((char*)&crd[1])+1; 539 cred[i].issuer_attribute = cd->credential->issuer_attribute;
561 cred[i].issuer_attribute = (char*)&crd[1]; 540 cred[i].expiration = cd->credential->expiration;
562 i++; 541 cred[i].signature = cd->credential->signature;
542 cd = cd->next;
563 } 543 }
564 size = GNUNET_CREDENTIAL_delegation_chain_get_size (vrh->delegation_chain_size, 544 size = GNUNET_CREDENTIAL_delegation_chain_get_size (vrh->delegation_chain_size,
565 dd, 545 dd,
@@ -573,18 +553,18 @@ send_lookup_response (struct VerifyRequestHandle *vrh)
573 rmsg->d_count = htonl (vrh->delegation_chain_size); 553 rmsg->d_count = htonl (vrh->delegation_chain_size);
574 rmsg->c_count = htonl (vrh->cred_chain_size); 554 rmsg->c_count = htonl (vrh->cred_chain_size);
575 555
576 if (NULL != vrh->credential) 556 if (0 < vrh->cred_chain_size)
577 rmsg->cred_found = htonl (GNUNET_YES); 557 rmsg->cred_found = htonl (GNUNET_YES);
578 else 558 else
579 rmsg->cred_found = htonl (GNUNET_NO); 559 rmsg->cred_found = htonl (GNUNET_NO);
580 560
581 GNUNET_assert (-1 != 561 GNUNET_assert (-1 !=
582 GNUNET_CREDENTIAL_delegation_chain_serialize (vrh->delegation_chain_size, 562 GNUNET_CREDENTIAL_delegation_chain_serialize (vrh->delegation_chain_size,
583 dd, 563 dd,
584 vrh->cred_chain_size, 564 vrh->cred_chain_size,
585 cred, 565 cred,
586 size, 566 size,
587 (char*)&rmsg[1])); 567 (char*)&rmsg[1]));
588 568
589 GNUNET_MQ_send (GNUNET_SERVICE_client_get_mq(vrh->client), 569 GNUNET_MQ_send (GNUNET_SERVICE_client_get_mq(vrh->client),
590 env); 570 env);
@@ -604,12 +584,11 @@ backward_resolution (void* cls,
604{ 584{
605 585
606 struct VerifyRequestHandle *vrh; 586 struct VerifyRequestHandle *vrh;
607 struct GNUNET_CREDENTIAL_CredentialRecordData *cred; 587 const struct GNUNET_CREDENTIAL_DelegationRecord *sets;
608 const struct GNUNET_CREDENTIAL_DelegationRecordData *sets;
609 struct CredentialRecordEntry *cred_pointer; 588 struct CredentialRecordEntry *cred_pointer;
610 struct DelegationSetEntry *current_set; 589 struct DelegationSetQueueEntry *current_set;
611 struct DelegationSetEntry *ds_entry; 590 struct DelegationSetQueueEntry *ds_entry;
612 struct DelegationSetEntry *tmp_set; 591 struct DelegationSetQueueEntry *tmp_set;
613 struct DelegationQueueEntry *dq_entry; 592 struct DelegationQueueEntry *dq_entry;
614 char *expanded_attr; 593 char *expanded_attr;
615 char *lookup_attribute; 594 char *lookup_attribute;
@@ -631,15 +610,15 @@ backward_resolution (void* cls,
631 continue; 610 continue;
632 611
633 sets = rd[i].data; 612 sets = rd[i].data;
634 struct GNUNET_CREDENTIAL_DelegationSetRecord set[ntohl(sets->set_count)]; 613 struct GNUNET_CREDENTIAL_DelegationSet set[ntohl(sets->set_count)];
635 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 614 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
636 "Found new attribute delegation with %d sets. Creating new Job...\n", 615 "Found new attribute delegation with %d sets. Creating new Job...\n",
637 ntohl (sets->set_count)); 616 ntohl (sets->set_count));
638 617
639 if (GNUNET_OK !=GNUNET_CREDENTIAL_delegation_set_deserialize (GNUNET_ntohll(sets->data_size), 618 if (GNUNET_OK !=GNUNET_CREDENTIAL_delegation_set_deserialize (GNUNET_ntohll(sets->data_size),
640 (const char*)&sets[1], 619 (const char*)&sets[1],
641 ntohl(sets->set_count), 620 ntohl(sets->set_count),
642 set)) 621 set))
643 { 622 {
644 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, 623 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
645 "Failed to deserialize!\n"); 624 "Failed to deserialize!\n");
@@ -654,7 +633,7 @@ backward_resolution (void* cls,
654 // Each AND 633 // Each AND
655 for (j=0; j<ntohl(sets->set_count); j++) 634 for (j=0; j<ntohl(sets->set_count); j++)
656 { 635 {
657 ds_entry = GNUNET_new (struct DelegationSetEntry); 636 ds_entry = GNUNET_new (struct DelegationSetQueueEntry);
658 if (NULL != current_set->attr_trailer) 637 if (NULL != current_set->attr_trailer)
659 { 638 {
660 if (0 == set[j].subject_attribute_len) 639 if (0 == set[j].subject_attribute_len)
@@ -706,16 +685,17 @@ backward_resolution (void* cls,
706 for(cred_pointer = vrh->cred_chain_head; cred_pointer != NULL; 685 for(cred_pointer = vrh->cred_chain_head; cred_pointer != NULL;
707 cred_pointer = cred_pointer->next) 686 cred_pointer = cred_pointer->next)
708 { 687 {
709 cred = cred_pointer->data;
710 if(0 != memcmp (&set->subject_key, 688 if(0 != memcmp (&set->subject_key,
711 &cred_pointer->data->issuer_key, 689 &cred_pointer->credential->issuer_key,
712 sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey))) 690 sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)))
713 continue; 691 continue;
714 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 692 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
715 "Checking if %s matches %s\n", 693 "Checking if %s matches %s\n",
716 ds_entry->unresolved_attribute_delegation, (char*)&cred[1]); 694 ds_entry->unresolved_attribute_delegation,
695 cred_pointer->credential->issuer_attribute);
717 696
718 if (0 != strcmp (ds_entry->unresolved_attribute_delegation, (char*)&cred[1])) 697 if (0 != strcmp (ds_entry->unresolved_attribute_delegation,
698 cred_pointer->credential->issuer_attribute))
719 continue; 699 continue;
720 700
721 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 701 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
@@ -742,11 +722,6 @@ backward_resolution (void* cls,
742 { 722 {
743 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 723 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
744 "All solutions found\n"); 724 "All solutions found\n");
745 vrh->credential = GNUNET_malloc (cred_pointer->data_size);
746 memcpy (vrh->credential,
747 cred,
748 cred_pointer->data_size);
749 vrh->credential_size = cred_pointer->data_size;
750 //Found match 725 //Found match
751 send_lookup_response (vrh); 726 send_lookup_response (vrh);
752 return; 727 return;
@@ -822,8 +797,8 @@ handle_credential_query (void* cls,
822 const struct GNUNET_GNSRECORD_Data *rd) 797 const struct GNUNET_GNSRECORD_Data *rd)
823{ 798{
824 struct VerifyRequestHandle *vrh = cls; 799 struct VerifyRequestHandle *vrh = cls;
825 struct DelegationSetEntry *ds_entry; 800 struct DelegationSetQueueEntry *ds_entry;
826 const struct GNUNET_CREDENTIAL_CredentialRecordData *crd; 801 struct GNUNET_CREDENTIAL_Credential *crd;
827 struct CredentialRecordEntry *cr_entry; 802 struct CredentialRecordEntry *cr_entry;
828 int cred_record_count; 803 int cred_record_count;
829 int i; 804 int i;
@@ -835,22 +810,16 @@ handle_credential_query (void* cls,
835 if (GNUNET_GNSRECORD_TYPE_CREDENTIAL != rd[i].record_type) 810 if (GNUNET_GNSRECORD_TYPE_CREDENTIAL != rd[i].record_type)
836 continue; 811 continue;
837 cred_record_count++; 812 cred_record_count++;
838 crd = rd[i].data; 813 crd = GNUNET_CREDENTIAL_credential_deserialize (rd[i].data,
839 if(GNUNET_OK != GNUNET_CRYPTO_ecdsa_verify(GNUNET_SIGNATURE_PURPOSE_CREDENTIAL, 814 rd[i].data_size);
840 &crd->purpose, 815 if (NULL == crd)
841 &crd->signature,
842 &crd->issuer_key))
843 { 816 {
844 GNUNET_log (GNUNET_ERROR_TYPE_WARNING, 817 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
845 "Invalid credential found\n"); 818 "Invalid credential found\n");
846 continue; 819 continue;
847 } 820 }
848 cr_entry = GNUNET_new (struct CredentialRecordEntry); 821 cr_entry = GNUNET_new (struct CredentialRecordEntry);
849 cr_entry->data = GNUNET_malloc (rd[i].data_size); 822 cr_entry->credential = crd;
850 memcpy (cr_entry->data,
851 crd,
852 rd[i].data_size);
853 cr_entry->data_size = rd[i].data_size;
854 GNUNET_CONTAINER_DLL_insert_tail (vrh->cred_chain_head, 823 GNUNET_CONTAINER_DLL_insert_tail (vrh->cred_chain_head,
855 vrh->cred_chain_tail, 824 vrh->cred_chain_tail,
856 cr_entry); 825 cr_entry);
@@ -860,13 +829,8 @@ handle_credential_query (void* cls,
860 &vrh->issuer_key, 829 &vrh->issuer_key,
861 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) 830 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)))
862 continue; 831 continue;
863 if (0 != strcmp ((char*)&crd[1], vrh->issuer_attribute)) 832 if (0 != strcmp (crd->issuer_attribute, vrh->issuer_attribute))
864 continue; 833 continue;
865 vrh->credential = GNUNET_malloc (rd[i].data_size);
866 memcpy (vrh->credential,
867 rd[i].data,
868 rd[i].data_size);
869 vrh->credential_size = rd[i].data_size;
870 //Found match prematurely 834 //Found match prematurely
871 send_lookup_response (vrh); 835 send_lookup_response (vrh);
872 return; 836 return;
@@ -884,7 +848,7 @@ handle_credential_query (void* cls,
884 ".gnu"); 848 ".gnu");
885 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 849 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
886 "Looking up %s\n", issuer_attribute_name); 850 "Looking up %s\n", issuer_attribute_name);
887 ds_entry = GNUNET_new (struct DelegationSetEntry); 851 ds_entry = GNUNET_new (struct DelegationSetQueueEntry);
888 ds_entry->issuer_key = GNUNET_new (struct GNUNET_CRYPTO_EcdsaPublicKey); 852 ds_entry->issuer_key = GNUNET_new (struct GNUNET_CRYPTO_EcdsaPublicKey);
889 memcpy (ds_entry->issuer_key, 853 memcpy (ds_entry->issuer_key,
890 &vrh->issuer_key, 854 &vrh->issuer_key,
diff --git a/src/credential/plugin_gnsrecord_credential.c b/src/credential/plugin_gnsrecord_credential.c
index 1358afdb1..5c3c03832 100644
--- a/src/credential/plugin_gnsrecord_credential.c
+++ b/src/credential/plugin_gnsrecord_credential.c
@@ -31,7 +31,7 @@
31#include "gnunet_gnsrecord_plugin.h" 31#include "gnunet_gnsrecord_plugin.h"
32#include "gnunet_signatures.h" 32#include "gnunet_signatures.h"
33#include "credential_serialization.h" 33#include "credential_serialization.h"
34 34#include "credential_misc.h"
35 35
36/** 36/**
37 * Convert the 'value' of a record to a string. 37 * Convert the 'value' of a record to a string.
@@ -55,18 +55,18 @@ credential_value_to_string (void *cls,
55 { 55 {
56 case GNUNET_GNSRECORD_TYPE_ATTRIBUTE: 56 case GNUNET_GNSRECORD_TYPE_ATTRIBUTE:
57 { 57 {
58 struct GNUNET_CREDENTIAL_DelegationRecordData sets; 58 struct GNUNET_CREDENTIAL_DelegationRecord sets;
59 char *attr_str; 59 char *attr_str;
60 char *subject_pkey; 60 char *subject_pkey;
61 char *tmp_str; 61 char *tmp_str;
62 int i; 62 int i;
63 if (data_size < sizeof (struct GNUNET_CREDENTIAL_DelegationRecordData)) 63 if (data_size < sizeof (struct GNUNET_CREDENTIAL_DelegationRecord))
64 return NULL; /* malformed */ 64 return NULL; /* malformed */
65 memcpy (&sets, 65 memcpy (&sets,
66 data, 66 data,
67 sizeof (sets)); 67 sizeof (sets));
68 cdata = data; 68 cdata = data;
69 struct GNUNET_CREDENTIAL_DelegationSetRecord set[ntohl(sets.set_count)]; 69 struct GNUNET_CREDENTIAL_DelegationSet set[ntohl(sets.set_count)];
70 if (GNUNET_OK != GNUNET_CREDENTIAL_delegation_set_deserialize (GNUNET_ntohll (sets.data_size), 70 if (GNUNET_OK != GNUNET_CREDENTIAL_delegation_set_deserialize (GNUNET_ntohll (sets.data_size),
71 &cdata[sizeof (sets)], 71 &cdata[sizeof (sets)],
72 ntohl (sets.set_count), 72 ntohl (sets.set_count),
@@ -116,38 +116,13 @@ credential_value_to_string (void *cls,
116 } 116 }
117 case GNUNET_GNSRECORD_TYPE_CREDENTIAL: 117 case GNUNET_GNSRECORD_TYPE_CREDENTIAL:
118 { 118 {
119 struct GNUNET_CREDENTIAL_CredentialRecordData cred; 119 struct GNUNET_CREDENTIAL_Credential *cred;
120 struct GNUNET_TIME_Absolute etime_abs;
121 char *cred_str; 120 char *cred_str;
122 char *subject_pkey;
123 char *issuer_pkey;
124 char *signature;
125 const char *expiration;
126
127 121
128 if (data_size < sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData)) 122 cred = GNUNET_CREDENTIAL_credential_deserialize (data,
129 return NULL; /* malformed */ 123 data_size);
130 memcpy (&cred, 124 cred_str = GNUNET_CREDENTIAL_credential_to_string (cred);
131 data, 125 GNUNET_free (cred);
132 sizeof (cred));
133 cdata = data;
134 subject_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred.subject_key);
135 issuer_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred.issuer_key);
136 etime_abs.abs_value_us = GNUNET_ntohll(cred.expiration);
137 expiration = GNUNET_STRINGS_absolute_time_to_string (etime_abs);
138 GNUNET_STRINGS_base64_encode ((char*)&cred.signature,
139 sizeof (struct GNUNET_CRYPTO_EcdsaSignature),
140 &signature);
141 GNUNET_asprintf (&cred_str,
142 "%s.%s -> %s | %s | %s",
143 issuer_pkey,
144 &cdata[sizeof (cred)],
145 subject_pkey,
146 signature,
147 expiration);
148 GNUNET_free (subject_pkey);
149 GNUNET_free (issuer_pkey);
150 GNUNET_free (signature);
151 return cred_str; 126 return cred_str;
152 } 127 }
153 default: 128 default:
@@ -180,7 +155,7 @@ credential_string_to_value (void *cls,
180 { 155 {
181 case GNUNET_GNSRECORD_TYPE_ATTRIBUTE: 156 case GNUNET_GNSRECORD_TYPE_ATTRIBUTE:
182 { 157 {
183 struct GNUNET_CREDENTIAL_DelegationRecordData *sets; 158 struct GNUNET_CREDENTIAL_DelegationRecord *sets;
184 char attr_str[253 + 1]; 159 char attr_str[253 + 1];
185 char subject_pkey[52 + 1]; 160 char subject_pkey[52 + 1];
186 char *token; 161 char *token;
@@ -194,7 +169,7 @@ credential_string_to_value (void *cls,
194 token = strtok (tmp_str, ","); 169 token = strtok (tmp_str, ",");
195 entries = 0; 170 entries = 0;
196 tmp_data_size = 0; 171 tmp_data_size = 0;
197 *data_size = sizeof (struct GNUNET_CREDENTIAL_DelegationRecordData); 172 *data_size = sizeof (struct GNUNET_CREDENTIAL_DelegationRecord);
198 while (NULL != token) 173 while (NULL != token)
199 { 174 {
200 matches = SSCANF (token, 175 matches = SSCANF (token,
@@ -210,9 +185,9 @@ credential_string_to_value (void *cls,
210 return GNUNET_SYSERR; 185 return GNUNET_SYSERR;
211 } 186 }
212 if (1 == matches) { 187 if (1 == matches) {
213 tmp_data_size += sizeof (struct GNUNET_CREDENTIAL_DelegationSetRecord); 188 tmp_data_size += sizeof (struct GNUNET_CREDENTIAL_DelegationRecordSet);
214 } else if (2 == matches) { 189 } else if (2 == matches) {
215 tmp_data_size += sizeof (struct GNUNET_CREDENTIAL_DelegationSetRecord) + strlen (attr_str) + 1; 190 tmp_data_size += sizeof (struct GNUNET_CREDENTIAL_DelegationRecordSet) + strlen (attr_str) + 1;
216 } 191 }
217 entries++; 192 entries++;
218 token = strtok (NULL, ","); 193 token = strtok (NULL, ",");
@@ -220,8 +195,7 @@ credential_string_to_value (void *cls,
220 GNUNET_free (tmp_str); 195 GNUNET_free (tmp_str);
221 tmp_str = GNUNET_strdup (s); 196 tmp_str = GNUNET_strdup (s);
222 token = strtok (tmp_str, ","); 197 token = strtok (tmp_str, ",");
223 struct GNUNET_CREDENTIAL_DelegationSetRecord *set; 198 struct GNUNET_CREDENTIAL_DelegationSet set[entries];
224 set = GNUNET_malloc (entries * sizeof (struct GNUNET_CREDENTIAL_DelegationSetRecord));
225 for (i=0;i<entries;i++) 199 for (i=0;i<entries;i++)
226 { 200 {
227 matches = SSCANF (token, 201 matches = SSCANF (token,
@@ -239,6 +213,7 @@ credential_string_to_value (void *cls,
239 } 213 }
240 tmp_data_size = GNUNET_CREDENTIAL_delegation_set_get_size (entries, 214 tmp_data_size = GNUNET_CREDENTIAL_delegation_set_get_size (entries,
241 set); 215 set);
216
242 if (-1 == tmp_data_size) 217 if (-1 == tmp_data_size)
243 return GNUNET_SYSERR; 218 return GNUNET_SYSERR;
244 *data_size += tmp_data_size; 219 *data_size += tmp_data_size;
@@ -247,6 +222,11 @@ credential_string_to_value (void *cls,
247 set, 222 set,
248 tmp_data_size, 223 tmp_data_size,
249 (char*)&sets[1]); 224 (char*)&sets[1]);
225 for (i=0;i<entries;i++)
226 {
227 if (0 != set[i].subject_attribute_len)
228 GNUNET_free ((char*)set[i].subject_attribute);
229 }
250 sets->set_count = htonl (entries); 230 sets->set_count = htonl (entries);
251 sets->data_size = GNUNET_htonll (tmp_data_size); 231 sets->data_size = GNUNET_htonll (tmp_data_size);
252 232
@@ -255,58 +235,11 @@ credential_string_to_value (void *cls,
255 } 235 }
256 case GNUNET_GNSRECORD_TYPE_CREDENTIAL: 236 case GNUNET_GNSRECORD_TYPE_CREDENTIAL:
257 { 237 {
258 struct GNUNET_CREDENTIAL_CredentialRecordData *cred; 238 struct GNUNET_CREDENTIAL_Credential *cred;
259 239 cred = GNUNET_CREDENTIAL_credential_from_string (s);
260 size_t enclen = (sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)) * 8;
261 if (enclen % 5 > 0)
262 enclen += 5 - enclen % 5;
263 enclen /= 5; /* 260/5 = 52 */
264 char subject_pkey[enclen + 1];
265 char issuer_pkey[enclen + 1];
266 char name[253 + 1];
267 char signature[128]; //TODO max payload size
268 char expiration[256];
269
270 struct GNUNET_CRYPTO_EcdsaSignature *sig;
271 struct GNUNET_TIME_Absolute etime_abs;
272
273 if (5 != SSCANF (s,
274 "%52s.%253s -> %52s | %s | %255[0-9a-zA-Z: ]",
275 issuer_pkey,
276 name,
277 subject_pkey,
278 signature,
279 expiration))
280 {
281 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
282 _("Unable to parse CRED record string `%s'\n"),
283 s);
284 return GNUNET_SYSERR;
285 }
286 *data_size = sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData) + strlen (name) + 1;
287 *data = cred = GNUNET_malloc (*data_size);
288 GNUNET_CRYPTO_ecdsa_public_key_from_string (subject_pkey,
289 strlen (subject_pkey),
290 &cred->subject_key);
291 GNUNET_CRYPTO_ecdsa_public_key_from_string (issuer_pkey,
292 strlen (issuer_pkey),
293 &cred->issuer_key);
294 GNUNET_STRINGS_fancy_time_to_absolute (expiration,
295 &etime_abs);
296 GNUNET_STRINGS_base64_decode (signature,
297 strlen (signature),
298 (char**)&sig);
299 cred->signature = *sig;
300 cred->expiration = GNUNET_htonll (etime_abs.abs_value_us);
301 cred->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL);
302 cred->purpose.size = htonl (strlen (name) + 1 + sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
303 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey) + sizeof (uint64_t));
304 GNUNET_free (sig);
305 GNUNET_memcpy (&cred[1],
306 name,
307 strlen (name));
308
309 240
241 *data_size = GNUNET_CREDENTIAL_credential_serialize (cred,
242 (char**)data);
310 return GNUNET_OK; 243 return GNUNET_OK;
311 } 244 }
312 default: 245 default:
diff --git a/src/credential/plugin_rest_credential.c b/src/credential/plugin_rest_credential.c
index 11e6fb276..2df65d7ad 100644
--- a/src/credential/plugin_rest_credential.c
+++ b/src/credential/plugin_rest_credential.c
@@ -37,6 +37,14 @@
37 37
38#define GNUNET_REST_API_NS_CREDENTIAL "/credential" 38#define GNUNET_REST_API_NS_CREDENTIAL "/credential"
39 39
40#define GNUNET_REST_API_NS_CREDENTIAL_ISSUE "/credential/issue"
41
42#define GNUNET_REST_API_NS_CREDENTIAL_VERIFY "/credential/verify"
43
44#define GNUNET_REST_JSONAPI_CREDENTIAL_EXPIRATION "expiration"
45
46#define GNUNET_REST_JSONAPI_CREDENTIAL_SUBJECT_KEY "subject_key"
47
40#define GNUNET_REST_JSONAPI_CREDENTIAL "credential" 48#define GNUNET_REST_JSONAPI_CREDENTIAL "credential"
41 49
42#define GNUNET_REST_JSONAPI_CREDENTIAL_TYPEINFO "credential" 50#define GNUNET_REST_JSONAPI_CREDENTIAL_TYPEINFO "credential"
@@ -57,7 +65,7 @@ struct Plugin
57 65
58const struct GNUNET_CONFIGURATION_Handle *cfg; 66const struct GNUNET_CONFIGURATION_Handle *cfg;
59 67
60struct VerifyHandle 68struct RequestHandle
61{ 69{
62 /** 70 /**
63 * Handle to Credential service. 71 * Handle to Credential service.
@@ -70,6 +78,21 @@ struct VerifyHandle
70 struct GNUNET_CREDENTIAL_Request *verify_request; 78 struct GNUNET_CREDENTIAL_Request *verify_request;
71 79
72 /** 80 /**
81 * Handle to issue request
82 */
83 struct GNUNET_CREDENTIAL_Request *issue_request;
84
85 /**
86 * Handle to identity
87 */
88 struct GNUNET_IDENTITY_Handle *identity;
89
90 /**
91 * Handle to identity operation
92 */
93 struct GNUNET_IDENTITY_Operation *id_op;
94
95 /**
73 * Handle to rest request 96 * Handle to rest request
74 */ 97 */
75 struct GNUNET_REST_RequestHandle *rest_handle; 98 struct GNUNET_REST_RequestHandle *rest_handle;
@@ -133,7 +156,7 @@ struct VerifyHandle
133 * @param handle Handle to clean up 156 * @param handle Handle to clean up
134 */ 157 */
135static void 158static void
136cleanup_handle (struct VerifyHandle *handle) 159cleanup_handle (struct RequestHandle *handle)
137{ 160{
138 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 161 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
139 "Cleaning up\n"); 162 "Cleaning up\n");
@@ -145,16 +168,13 @@ cleanup_handle (struct VerifyHandle *handle)
145 if (NULL != handle->subject_attr) 168 if (NULL != handle->subject_attr)
146 GNUNET_free (handle->subject_attr); 169 GNUNET_free (handle->subject_attr);
147 if (NULL != handle->verify_request) 170 if (NULL != handle->verify_request)
148 {
149 GNUNET_CREDENTIAL_verify_cancel (handle->verify_request); 171 GNUNET_CREDENTIAL_verify_cancel (handle->verify_request);
150 handle->verify_request = NULL;
151 }
152 if (NULL != handle->credential) 172 if (NULL != handle->credential)
153 {
154 GNUNET_CREDENTIAL_disconnect (handle->credential); 173 GNUNET_CREDENTIAL_disconnect (handle->credential);
155 handle->credential = NULL; 174 if (NULL != handle->id_op)
156 } 175 GNUNET_IDENTITY_cancel (handle->id_op);
157 176 if (NULL != handle->identity)
177 GNUNET_IDENTITY_disconnect (handle->identity);
158 if (NULL != handle->timeout_task) 178 if (NULL != handle->timeout_task)
159 { 179 {
160 GNUNET_SCHEDULER_cancel (handle->timeout_task); 180 GNUNET_SCHEDULER_cancel (handle->timeout_task);
@@ -172,7 +192,7 @@ cleanup_handle (struct VerifyHandle *handle)
172static void 192static void
173do_error (void *cls) 193do_error (void *cls)
174{ 194{
175 struct VerifyHandle *handle = cls; 195 struct RequestHandle *handle = cls;
176 struct MHD_Response *resp; 196 struct MHD_Response *resp;
177 197
178 resp = GNUNET_REST_create_response (NULL); 198 resp = GNUNET_REST_create_response (NULL);
@@ -280,7 +300,7 @@ handle_verify_response (void *cls,
280 struct GNUNET_CREDENTIAL_Credential *cred) 300 struct GNUNET_CREDENTIAL_Credential *cred)
281{ 301{
282 302
283 struct VerifyHandle *handle = cls; 303 struct RequestHandle *handle = cls;
284 struct MHD_Response *resp; 304 struct MHD_Response *resp;
285 struct GNUNET_JSONAPI_Document *json_document; 305 struct GNUNET_JSONAPI_Document *json_document;
286 struct GNUNET_JSONAPI_Resource *json_resource; 306 struct GNUNET_JSONAPI_Resource *json_resource;
@@ -355,7 +375,7 @@ verify_cred_cont (struct GNUNET_REST_RequestHandle *conndata_handle,
355 const char* url, 375 const char* url,
356 void *cls) 376 void *cls)
357{ 377{
358 struct VerifyHandle *handle = cls; 378 struct RequestHandle *handle = cls;
359 struct GNUNET_HashCode key; 379 struct GNUNET_HashCode key;
360 char *tmp; 380 char *tmp;
361 char *entity_attr; 381 char *entity_attr;
@@ -478,6 +498,213 @@ verify_cred_cont (struct GNUNET_REST_RequestHandle *conndata_handle,
478 498
479} 499}
480 500
501void
502send_cred_response (struct RequestHandle *handle,
503 struct GNUNET_CREDENTIAL_Credential *cred)
504{
505 struct MHD_Response *resp;
506 struct GNUNET_JSONAPI_Document *json_document;
507 struct GNUNET_JSONAPI_Resource *json_resource;
508 json_t *cred_obj;
509 char *result;
510 char *issuer;
511 char *subject;
512 char *signature;
513 char *id;
514
515 GNUNET_assert (NULL == cred);
516 issuer = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred->issuer_key);
517 if (NULL == issuer)
518 {
519 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
520 "Subject malformed\n");
521 return;
522 }
523 GNUNET_asprintf (&id,
524 "%s.%s",
525 issuer,
526 (char*)&cred[1]);
527 subject = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred->subject_key);
528 if (NULL == subject)
529 {
530 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
531 "Subject malformed\n");
532 return;
533 }
534 GNUNET_STRINGS_base64_encode ((char*)&cred->signature,
535 sizeof (struct GNUNET_CRYPTO_EcdsaSignature),
536 &signature);
537 json_document = GNUNET_JSONAPI_document_new ();
538 json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_CREDENTIAL_TYPEINFO,
539 id);
540 GNUNET_free (id);
541 cred_obj = json_object();
542 json_object_set_new (cred_obj, "issuer", json_string (issuer));
543 json_object_set_new (cred_obj, "subject", json_string (subject));
544 json_object_set_new (cred_obj, "expiration", json_integer( cred->expiration.abs_value_us));
545 json_object_set_new (cred_obj, "signature", json_string (signature));
546 GNUNET_JSONAPI_resource_add_attr (json_resource,
547 GNUNET_REST_JSONAPI_CREDENTIAL,
548 cred_obj);
549 GNUNET_JSONAPI_document_resource_add (json_document, json_resource);
550 GNUNET_JSONAPI_document_serialize (json_document, &result);
551 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
552 "Result %s\n",
553 result);
554 json_decref (cred_obj);
555 GNUNET_JSONAPI_document_delete (json_document);
556 resp = GNUNET_REST_create_response (result);
557 handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
558 GNUNET_free (result);
559 GNUNET_free (signature);
560 GNUNET_free (issuer);
561 GNUNET_free (subject);
562 cleanup_handle (handle);
563}
564
565void
566get_cred_issuer_cb (void *cls,
567 struct GNUNET_IDENTITY_Ego *ego,
568 void **ctx,
569 const char *name)
570{
571 struct RequestHandle *handle = cls;
572 struct GNUNET_TIME_Absolute etime_abs;
573 struct GNUNET_TIME_Relative etime_rel;
574 const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer_key;
575 struct GNUNET_HashCode key;
576 struct GNUNET_CREDENTIAL_Credential *cred;
577 char* expiration_str;
578 char* tmp;
579
580 handle->id_op = NULL;
581
582 if (NULL == name)
583 {
584 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
585 "Issuer not configured!\n");
586 GNUNET_SCHEDULER_add_now (&do_error, handle);
587 return;
588 }
589
590 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
591 "Connecting to credential service...\n");
592 handle->credential = GNUNET_CREDENTIAL_connect (cfg);
593 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
594 "Connected\n");
595 if (NULL == handle->credential)
596 {
597 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
598 "Connecting to CREDENTIAL failed\n");
599 GNUNET_SCHEDULER_add_now (&do_error, handle);
600 return;
601 }
602 GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_CREDENTIAL_EXPIRATION,
603 strlen (GNUNET_REST_JSONAPI_CREDENTIAL_EXPIRATION),
604 &key);
605 if ( GNUNET_NO ==
606 GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
607 &key) )
608 {
609 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
610 "Missing expiration\n");
611 GNUNET_SCHEDULER_add_now (&do_error, handle);
612 return;
613 }
614 expiration_str = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map,
615 &key);
616 if (GNUNET_OK == GNUNET_STRINGS_fancy_time_to_relative (expiration_str,
617 &etime_rel))
618 {
619 etime_abs = GNUNET_TIME_relative_to_absolute (etime_rel);
620 } else if (GNUNET_OK != GNUNET_STRINGS_fancy_time_to_absolute (expiration_str,
621 &etime_abs))
622 {
623 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
624 "Malformed expiration: %s\n", expiration_str);
625 GNUNET_SCHEDULER_add_now (&do_error, handle);
626 return;
627 }
628 GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_CREDENTIAL_ISSUER_ATTR,
629 strlen (GNUNET_REST_JSONAPI_CREDENTIAL_ISSUER_ATTR),
630 &key);
631 if ( GNUNET_NO ==
632 GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
633 &key) )
634 {
635 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
636 "Missing issuer attribute\n");
637 GNUNET_SCHEDULER_add_now (&do_error, handle);
638 return;
639 }
640 handle->issuer_attr = GNUNET_strdup(GNUNET_CONTAINER_multihashmap_get
641 (handle->rest_handle->url_param_map,
642 &key));
643 GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_CREDENTIAL_SUBJECT_KEY,
644 strlen (GNUNET_REST_JSONAPI_CREDENTIAL_SUBJECT_KEY),
645 &key);
646 if ( GNUNET_NO ==
647 GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
648 &key) )
649 {
650 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
651 "Missing subject\n");
652 GNUNET_SCHEDULER_add_now (&do_error, handle);
653 return;
654 }
655 tmp = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map,
656 &key);
657 if (NULL == tmp)
658 {
659 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
660 "Malformed subject\n");
661 GNUNET_SCHEDULER_add_now (&do_error, handle);
662 return;
663 }
664 if (GNUNET_OK !=
665 GNUNET_CRYPTO_ecdsa_public_key_from_string (tmp,
666 strlen (tmp),
667 &handle->subject_key)) {
668 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
669 "Malformed subject key\n");
670 GNUNET_SCHEDULER_add_now (&do_error, handle);
671 return;
672 }
673 issuer_key = GNUNET_IDENTITY_ego_get_private_key (ego);
674 cred = GNUNET_CREDENTIAL_credential_issue (issuer_key,
675 &handle->subject_key,
676 handle->issuer_attr,
677 &etime_abs);
678 if (NULL == cred)
679 {
680 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
681 "Failed to create credential\n");
682 GNUNET_SCHEDULER_add_now (&do_error, handle);
683 return;
684 }
685 send_cred_response (handle, cred);
686}
687
688
689static void
690issue_cred_cont (struct GNUNET_REST_RequestHandle *conndata_handle,
691 const char* url,
692 void *cls)
693{
694 struct RequestHandle *handle = cls;
695
696 handle->identity = GNUNET_IDENTITY_connect (cfg,
697 NULL,
698 NULL);
699 handle->id_op = GNUNET_IDENTITY_get(handle->identity,
700 "credential-issuer",
701 &get_cred_issuer_cb,
702 handle);
703 handle->timeout_task = GNUNET_SCHEDULER_add_delayed (handle->timeout,
704 &do_error,
705 handle);
706}
707
481/** 708/**
482 * Handle rest request 709 * Handle rest request
483 * 710 *
@@ -489,7 +716,7 @@ options_cont (struct GNUNET_REST_RequestHandle *con_handle,
489 void *cls) 716 void *cls)
490{ 717{
491 struct MHD_Response *resp; 718 struct MHD_Response *resp;
492 struct VerifyHandle *handle = cls; 719 struct RequestHandle *handle = cls;
493 720
494 //For GNS, independent of path return all options 721 //For GNS, independent of path return all options
495 resp = GNUNET_REST_create_response (NULL); 722 resp = GNUNET_REST_create_response (NULL);
@@ -519,7 +746,7 @@ rest_credential_process_request(struct GNUNET_REST_RequestHandle *conndata_handl
519 GNUNET_REST_ResultProcessor proc, 746 GNUNET_REST_ResultProcessor proc,
520 void *proc_cls) 747 void *proc_cls)
521{ 748{
522 struct VerifyHandle *handle = GNUNET_new (struct VerifyHandle); 749 struct RequestHandle *handle = GNUNET_new (struct RequestHandle);
523 struct GNUNET_REST_RequestHandlerError err; 750 struct GNUNET_REST_RequestHandlerError err;
524 751
525 handle->timeout = GNUNET_TIME_UNIT_FOREVER_REL; 752 handle->timeout = GNUNET_TIME_UNIT_FOREVER_REL;
@@ -528,7 +755,8 @@ rest_credential_process_request(struct GNUNET_REST_RequestHandle *conndata_handl
528 handle->rest_handle = conndata_handle; 755 handle->rest_handle = conndata_handle;
529 756
530 static const struct GNUNET_REST_RequestHandler handlers[] = { 757 static const struct GNUNET_REST_RequestHandler handlers[] = {
531 {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_CREDENTIAL, &verify_cred_cont}, 758 {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_CREDENTIAL_VERIFY, &verify_cred_cont},
759 {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_CREDENTIAL_ISSUE, &issue_cred_cont},
532 {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_CREDENTIAL, &options_cont}, 760 {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_CREDENTIAL, &options_cont},
533 GNUNET_REST_HANDLER_END 761 GNUNET_REST_HANDLER_END
534 }; 762 };
diff --git a/src/credential/test_credential_issue.sh b/src/credential/test_credential_issue.sh
index b2ced204a..158d91c5b 100755
--- a/src/credential/test_credential_issue.sh
+++ b/src/credential/test_credential_issue.sh
@@ -39,6 +39,6 @@ then
39fi 39fi
40#Try import 40#Try import
41$DO_TIMEOUT gnunet-namestore -a -z testsubject -n c1 -t CRED -V "$CRED" -e 5m -c test_credential_lookup.conf 41$DO_TIMEOUT gnunet-namestore -a -z testsubject -n c1 -t CRED -V "$CRED" -e 5m -c test_credential_lookup.conf
42 42RES=$?
43gnunet-arm -e -c test_credential_lookup.conf 43gnunet-arm -e -c test_credential_lookup.conf
44exit $? 44exit $RES
diff --git a/src/credential/test_credential_lookup.conf b/src/credential/test_credential_lookup.conf
index f4bf36c52..7aa193abd 100644
--- a/src/credential/test_credential_lookup.conf
+++ b/src/credential/test_credential_lookup.conf
@@ -14,7 +14,7 @@ AUTOSTART = YES
14#PREFIX = valgrind --leak-check=full --track-origins=yes --log-file=/tmp/credlog 14#PREFIX = valgrind --leak-check=full --track-origins=yes --log-file=/tmp/credlog
15 15
16[rest] 16[rest]
17PREFIX = valgrind --leak-check=full --track-origins=yes --log-file=/tmp/restlog 17#PREFIX = valgrind --leak-check=full --track-origins=yes --log-file=/tmp/restlog
18 18
19[gns] 19[gns]
20#PREFIX = valgrind --leak-check=full --track-origins=yes 20#PREFIX = valgrind --leak-check=full --track-origins=yes
diff --git a/src/credential/test_credential_verify_simple.sh b/src/credential/test_credential_verify_simple.sh
index 924f2ab4a..c4fd8c7a3 100755
--- a/src/credential/test_credential_verify_simple.sh
+++ b/src/credential/test_credential_verify_simple.sh
@@ -39,7 +39,7 @@ RES_CRED=`gnunet-credential --verify --issuer=$ISSUER_KEY --attribute=$TEST_ATTR
39gnunet-namestore -z testsubject -d -n $TEST_CREDENTIAL -t CRED -e never -c test_credential_lookup.conf 39gnunet-namestore -z testsubject -d -n $TEST_CREDENTIAL -t CRED -e never -c test_credential_lookup.conf
40gnunet-identity -D testsubject -c test_credential_lookup.conf 40gnunet-identity -D testsubject -c test_credential_lookup.conf
41gnunet-arm -e -c test_credential_lookup.conf 41gnunet-arm -e -c test_credential_lookup.conf
42 42echo $RES_CRED
43#TODO3 proper test 43#TODO3 proper test
44if [ "$RES_CRED" == "Successful." ] 44if [ "$RES_CRED" == "Successful." ]
45then 45then
diff --git a/src/identity-provider/identity_provider_api.c b/src/identity-provider/identity_provider_api.c
index 28ff90fc4..1d242f66a 100644
--- a/src/identity-provider/identity_provider_api.c
+++ b/src/identity-provider/identity_provider_api.c
@@ -223,12 +223,12 @@ check_exchange_result (void *cls,
223 const struct ExchangeResultMessage *erm) 223 const struct ExchangeResultMessage *erm)
224{ 224{
225 char *str; 225 char *str;
226 size_t size = ntohs (erm->header.size) - sizeof (*erm); 226 size_t size = ntohs (erm->header.size);
227 227
228 228
229 str = (char *) &erm[1]; 229 str = (char *) &erm[0];
230 if ( (size > sizeof (struct ExchangeResultMessage)) && 230 if ( (size > sizeof (struct ExchangeResultMessage)) &&
231 ('\0' != str[size - sizeof (struct ExchangeResultMessage) - 1]) ) 231 ('\0' != str[size - 1]) )
232 { 232 {
233 GNUNET_break (0); 233 GNUNET_break (0);
234 return GNUNET_SYSERR; 234 return GNUNET_SYSERR;
@@ -248,10 +248,10 @@ check_result (void *cls,
248 const struct IssueResultMessage *irm) 248 const struct IssueResultMessage *irm)
249{ 249{
250 char *str; 250 char *str;
251 size_t size = ntohs (irm->header.size) - sizeof (*irm); 251 size_t size = ntohs (irm->header.size);
252 str = (char*) &irm[1]; 252 str = (char*) &irm[0];
253 if ( (size > sizeof (struct IssueResultMessage)) && 253 if ( (size > sizeof (struct IssueResultMessage)) &&
254 ('\0' != str[size - sizeof (struct IssueResultMessage) - 1]) ) 254 ('\0' != str[size - 1]) )
255 { 255 {
256 GNUNET_break (0); 256 GNUNET_break (0);
257 return GNUNET_SYSERR; 257 return GNUNET_SYSERR;
diff --git a/src/identity/plugin_rest_identity.c b/src/identity/plugin_rest_identity.c
index e64b2685a..5f34d0f1b 100644
--- a/src/identity/plugin_rest_identity.c
+++ b/src/identity/plugin_rest_identity.c
@@ -427,9 +427,6 @@ ego_info_response (struct GNUNET_REST_RequestHandle *con,
427 continue; 427 continue;
428 json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_IDENTITY_EGO, 428 json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_IDENTITY_EGO,
429 ego_entry->keystring); 429 ego_entry->keystring);
430 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
431 "Egoname: %s\n",
432 ego_entry->identifier);
433 name_str = json_string (ego_entry->identifier); 430 name_str = json_string (ego_entry->identifier);
434 GNUNET_JSONAPI_resource_add_attr ( 431 GNUNET_JSONAPI_resource_add_attr (
435 json_resource, 432 json_resource,
diff --git a/src/include/gnunet_credential_service.h b/src/include/gnunet_credential_service.h
index 7419407d3..906163c14 100644
--- a/src/include/gnunet_credential_service.h
+++ b/src/include/gnunet_credential_service.h
@@ -74,65 +74,49 @@ enum GNUNET_CREDENTIAL_CredentialFlags {
74 74
75GNUNET_NETWORK_STRUCT_BEGIN 75GNUNET_NETWORK_STRUCT_BEGIN
76/** 76/**
77 * The credential record 77 * The attribute delegation record
78 */ 78 */
79struct GNUNET_CREDENTIAL_CredentialRecordData { 79struct GNUNET_CREDENTIAL_DelegationRecord {
80
81 /**
82 * The signature for this credential by the issuer
83 */
84 struct GNUNET_CRYPTO_EcdsaSignature signature;
85
86 /**
87 * Signature meta
88 */
89 struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
90 80
91 /** 81 /**
92 * Public key of the issuer 82 * Number of delegation sets in this record
93 */ 83 */
94 struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key; 84 uint32_t set_count;
95 85
96 /** 86 /**
97 * Public key of the subject this credential was issued to 87 * Length of delegation sets
98 */ 88 */
99 struct GNUNET_CRYPTO_EcdsaPublicKey subject_key; 89 uint64_t data_size;
100
101 /** 90 /**
102 * Expiration time of this credential 91 * Followed by set_count DelegationSetRecords
103 */ 92 *
104 uint64_t expiration GNUNET_PACKED;
105
106 /**
107 * Followed by the attribute string
108 */ 93 */
109}; 94};
110 95
111
112/** 96/**
113 * The attribute delegation record 97 * The attribute delegation record
114*/ 98 */
115struct GNUNET_CREDENTIAL_DelegationRecordData { 99struct GNUNET_CREDENTIAL_DelegationRecordSet {
116
117 uint32_t set_count;
118 100
119 uint64_t data_size; 101 /**
102 * Public key of the subject this attribute was delegated to
103 */
104 struct GNUNET_CRYPTO_EcdsaPublicKey subject_key;
120 105
121 char *data;
122
123 /** 106 /**
124 * Followed by the attribute that was delegated to as string 107 * Length of attribute, may be 0
125 * May be empty
126 */ 108 */
109 uint32_t subject_attribute_len;
127}; 110};
128 111
129 112
113GNUNET_NETWORK_STRUCT_END
130 114
131/** 115/**
132 * The attribute delegation record 116 * The attribute delegation record
133*/ 117 */
134struct GNUNET_CREDENTIAL_DelegationSetRecord { 118struct GNUNET_CREDENTIAL_DelegationSet {
135 119
136 /** 120 /**
137 * Public key of the subject this attribute was delegated to 121 * Public key of the subject this attribute was delegated to
138 */ 122 */
@@ -140,20 +124,18 @@ struct GNUNET_CREDENTIAL_DelegationSetRecord {
140 124
141 uint32_t subject_attribute_len; 125 uint32_t subject_attribute_len;
142 126
143 const char *subject_attribute;
144
145 /** 127 /**
146 * Followed by the attribute that was delegated to as string 128 * The subject attribute
147 * May be empty
148 */ 129 */
130 const char *subject_attribute;
149}; 131};
150 132
151 133
152/** 134/**
153 * A delegation 135 * A delegation
154*/ 136 */
155struct GNUNET_CREDENTIAL_Delegation { 137struct GNUNET_CREDENTIAL_Delegation {
156 138
157 /** 139 /**
158 * The issuer of the delegation 140 * The issuer of the delegation
159 */ 141 */
@@ -188,9 +170,9 @@ struct GNUNET_CREDENTIAL_Delegation {
188 170
189/** 171/**
190 * A credential 172 * A credential
191*/ 173 */
192struct GNUNET_CREDENTIAL_Credential { 174struct GNUNET_CREDENTIAL_Credential {
193 175
194 /** 176 /**
195 * The issuer of the credential 177 * The issuer of the credential
196 */ 178 */
@@ -202,6 +184,16 @@ struct GNUNET_CREDENTIAL_Credential {
202 struct GNUNET_CRYPTO_EcdsaPublicKey subject_key; 184 struct GNUNET_CRYPTO_EcdsaPublicKey subject_key;
203 185
204 /** 186 /**
187 * Signature of this credential
188 */
189 struct GNUNET_CRYPTO_EcdsaSignature signature;
190
191 /**
192 * Expiration of this credential
193 */
194 struct GNUNET_TIME_Absolute expiration;
195
196 /**
205 * Length of the attribute 197 * Length of the attribute
206 */ 198 */
207 uint32_t issuer_attribute_len; 199 uint32_t issuer_attribute_len;
@@ -210,11 +202,8 @@ struct GNUNET_CREDENTIAL_Credential {
210 * The attribute 202 * The attribute
211 */ 203 */
212 const char *issuer_attribute; 204 const char *issuer_attribute;
213
214};
215 205
216 206};
217GNUNET_NETWORK_STRUCT_END
218 207
219 208
220 209
@@ -260,7 +249,7 @@ typedef void (*GNUNET_CREDENTIAL_VerifyResultProcessor) (void *cls,
260 * @param result the record data that can be handed to the subject 249 * @param result the record data that can be handed to the subject
261 */ 250 */
262typedef void (*GNUNET_CREDENTIAL_DelegateResultProcessor) (void *cls, 251typedef void (*GNUNET_CREDENTIAL_DelegateResultProcessor) (void *cls,
263 uint32_t success); 252 uint32_t success);
264 253
265/** 254/**
266 * Iterator called on obtained result for an attribute delegation removal. 255 * Iterator called on obtained result for an attribute delegation removal.
@@ -270,7 +259,7 @@ typedef void (*GNUNET_CREDENTIAL_DelegateResultProcessor) (void *cls,
270 * @param result the record data that can be handed to the subject 259 * @param result the record data that can be handed to the subject
271 */ 260 */
272typedef void (*GNUNET_CREDENTIAL_RemoveDelegateResultProcessor) (void *cls, 261typedef void (*GNUNET_CREDENTIAL_RemoveDelegateResultProcessor) (void *cls,
273 uint32_t success); 262 uint32_t success);
274 263
275 264
276 265
@@ -330,10 +319,10 @@ GNUNET_CREDENTIAL_add_delegation (struct GNUNET_CREDENTIAL_Handle *handle,
330 */ 319 */
331struct GNUNET_CREDENTIAL_Request * 320struct GNUNET_CREDENTIAL_Request *
332GNUNET_CREDENTIAL_remove_delegation (struct GNUNET_CREDENTIAL_Handle *handle, 321GNUNET_CREDENTIAL_remove_delegation (struct GNUNET_CREDENTIAL_Handle *handle,
333 struct GNUNET_IDENTITY_Ego *issuer, 322 struct GNUNET_IDENTITY_Ego *issuer,
334 const char *attribute, 323 const char *attribute,
335 GNUNET_CREDENTIAL_RemoveDelegateResultProcessor proc, 324 GNUNET_CREDENTIAL_RemoveDelegateResultProcessor proc,
336 void *proc_cls); 325 void *proc_cls);
337 326
338 327
339 328
@@ -347,12 +336,12 @@ GNUNET_CREDENTIAL_remove_delegation (struct GNUNET_CREDENTIAL_Handle *handle,
347 * @param expiration the TTL of the credential 336 * @param expiration the TTL of the credential
348 * @return handle to the queued request 337 * @return handle to the queued request
349 */ 338 */
350struct GNUNET_CREDENTIAL_CredentialRecordData * 339struct GNUNET_CREDENTIAL_Credential*
351GNUNET_CREDENTIAL_issue (struct GNUNET_CREDENTIAL_Handle *handle, 340GNUNET_CREDENTIAL_credential_issue (
352 const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, 341 const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
353 struct GNUNET_CRYPTO_EcdsaPublicKey *subject, 342 struct GNUNET_CRYPTO_EcdsaPublicKey *subject,
354 const char *attribute, 343 const char *attribute,
355 struct GNUNET_TIME_Absolute *expiration); 344 struct GNUNET_TIME_Absolute *expiration);
356 345
357 346
358/** 347/**
diff --git a/src/jsonapi/jsonapi_document.c b/src/jsonapi/jsonapi_document.c
index 600b7ee6a..8022a9f6e 100644
--- a/src/jsonapi/jsonapi_document.c
+++ b/src/jsonapi/jsonapi_document.c
@@ -332,28 +332,20 @@ GNUNET_JSONAPI_document_to_json (const struct GNUNET_JSONAPI_Document *doc,
332 GNUNET_JSONAPI_KEY_ERRORS, 332 GNUNET_JSONAPI_KEY_ERRORS,
333 res_json); 333 res_json);
334 } else { 334 } else {
335 switch (doc->res_count) 335 if (0 == doc->res_count)
336 { 336 {
337 case 0: 337 res_json = json_null();
338 res_json = json_null(); 338 } else {
339 break; 339 res_json = json_array ();
340 case 1: 340 for (res = doc->res_list_head;
341 res != NULL;
342 res = res->next)
343 {
341 GNUNET_assert (GNUNET_OK == 344 GNUNET_assert (GNUNET_OK ==
342 GNUNET_JSONAPI_resource_to_json (doc->res_list_head, 345 GNUNET_JSONAPI_resource_to_json (res,
343 &res_json)); 346 &res_json_tmp));
344 break; 347 json_array_append (res_json, res_json_tmp);
345 default: 348 }
346 res_json = json_array ();
347 for (res = doc->res_list_head;
348 res != NULL;
349 res = res->next)
350 {
351 GNUNET_assert (GNUNET_OK ==
352 GNUNET_JSONAPI_resource_to_json (res,
353 &res_json_tmp));
354 json_array_append (res_json, res_json_tmp);
355 }
356 break;
357 } 349 }
358 json_object_set_new (*root_json, 350 json_object_set_new (*root_json,
359 GNUNET_JSONAPI_KEY_DATA, 351 GNUNET_JSONAPI_KEY_DATA,
generated by cgit v1.2.3 (git 2.39.1) at 2024-04-19 18:37:58 +0000