-rw-r--r-- | src/credential/credential_api.c | 2 | ||||
-rw-r--r-- | src/credential/gnunet-service-credential.c | 2 | ||||
-rw-r--r-- | src/credential/plugin_gnsrecord_credential.c | 4 | ||||
-rw-r--r-- | src/credential/plugin_rest_credential.c | 153 | ||||
-rw-r--r-- | src/include/gnunet_credential_service.h | 2 |
5 files changed, 153 insertions, 10 deletions
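--- a/src/credential/credential_api.c
+++ b/src/credential/credential_api.c
@@ -457,7 +457,7 @@ GNUNET_CREDENTIAL_issue (struct GNUNET_CREDENTIAL_Handle *handle,
 if (GNUNET_OK !=
 GNUNET_CRYPTO_ecdsa_sign (issuer,
 &crd->purpose,
-&crd->sig))
+&crd->signature))
 {
 GNUNET_break (0);
 GNUNET_free (crd);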
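--- a/src/credential/gnunet-service-credential.c
+++ b/src/credential/gnunet-service-credential.c
@@ -533,7 +533,7 @@ handle_credential_query (void* cls,
 crd = rd[i].data;
 if(GNUNET_OK != GNUNET_CRYPTO_ecdsa_verify(GNUNET_SIGNATURE_PURPOSE_CREDENTIAL,
 &crd->purpose,
-&crd->sig,
+&crd->signature,
 &crd->issuer_key))
 {
 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,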
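--- a/src/credential/plugin_gnsrecord_credential.c
+++ b/src/credential/plugin_gnsrecord_credential.c
@@ -98,7 +98,7 @@ credential_value_to_string (void *cls,
 issuer_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred.issuer_key);
 etime_abs.abs_value_us = GNUNET_ntohll(cred.expiration);
 expiration = GNUNET_STRINGS_absolute_time_to_string (etime_abs);
-GNUNET_STRINGS_base64_encode ((char*)&cred.sig,
+GNUNET_STRINGS_base64_encode ((char*)&cred.signature,
 sizeof (struct GNUNET_CRYPTO_EcdsaSignature),
 &signature);
 GNUNET_asprintf (&cred_str,
@@ -219,7 +219,7 @@ credential_string_to_value (void *cls,
 GNUNET_STRINGS_base64_decode (signature,
 strlen (signature),
 (char**)&sig);
-cred->sig = *sig;
+cred->signature = *sig;
 cred->expiration = GNUNET_htonll (etime_abs.abs_value_us);
 cred->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL);
 cred->purpose.size = htonl (strlen (name) + 1 + sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +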
diff --git a/src/credential/plugin_rest_credential.c b/src/credential/plugin_rest_credential.c index 51d91079a..137f55c47 100644 --- a/src/credential/plugin_rest_credential.c +++ b/src/credential/plugin_rest_credential.c | |||
@@ -37,6 +37,12 @@ | |||
37 | 37 | ||
38 | #define GNUNET_REST_API_NS_CREDENTIAL "/credential" | 38 | #define GNUNET_REST_API_NS_CREDENTIAL "/credential" |
39 | 39 | ||
40 | #define GNUNET_REST_JSONAPI_CREDENTIAL "credential" | ||
41 | |||
42 | #define GNUNET_REST_JSONAPI_CREDENTIAL_TYPEINFO "credential" | ||
43 | |||
44 | #define GNUNET_REST_JSONAPI_CREDENTIAL_CHAIN "chain" | ||
45 | |||
40 | #define GNUNET_REST_JSONAPI_CREDENTIAL_ISSUER_ATTR "attribute" | 46 | #define GNUNET_REST_JSONAPI_CREDENTIAL_ISSUER_ATTR "attribute" |
41 | 47 | ||
42 | #define GNUNET_REST_JSONAPI_CREDENTIAL_SUBJECT_ATTR "credential" | 48 | #define GNUNET_REST_JSONAPI_CREDENTIAL_SUBJECT_ATTR "credential" |
@@ -174,6 +180,143 @@ do_error (void *cls) | |||
174 | cleanup_handle (handle); | 180 | cleanup_handle (handle); |
175 | } | 181 | } |
176 | 182 | ||
183 | /** | ||
184 | * Attribute delegation to JSON | ||
185 | * @param attr the attribute | ||
186 | * @return JSON, NULL if failed | ||
187 | */ | ||
188 | static json_t* | ||
189 | attribute_delegation_to_json (struct GNUNET_CREDENTIAL_AttributeRecordData *attr) | ||
190 | { | ||
191 | char *subject; | ||
192 | char *attribute; | ||
193 | json_t *attr_obj; | ||
194 | |||
195 | subject = GNUNET_CRYPTO_ecdsa_public_key_to_string (&attr->subject_key); | ||
196 | { | ||
197 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
198 | "Subject in credential malformed\n"); | ||
199 | return NULL; | ||
200 | } | ||
201 | attribute = (char*)&attr[1]; | ||
202 | attr_obj = json_object (); | ||
203 | json_object_set_new (attr_obj, "subject", json_string (subject)); | ||
204 | json_object_set_new (attr_obj, "attribute", json_string (attribute)); | ||
205 | GNUNET_free (subject); | ||
206 | return attr_obj; | ||
207 | } | ||
208 | |||
209 | /** | ||
210 | * Credential to JSON | ||
211 | * @param cred the credential | ||
212 | * @return the resulting json, NULL if failed | ||
213 | */ | ||
214 | static json_t* | ||
215 | credential_to_json (struct GNUNET_CREDENTIAL_CredentialRecordData *cred) | ||
216 | { | ||
217 | struct GNUNET_TIME_Absolute exp; | ||
218 | const char* exp_str; | ||
219 | char *issuer; | ||
220 | char *subject; | ||
221 | char *attribute; | ||
222 | char *signature; | ||
223 | json_t *cred_obj; | ||
224 | |||
225 | issuer = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred->issuer_key); | ||
226 | if (NULL == issuer) | ||
227 | { | ||
228 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
229 | "Issuer in credential malformed\n"); | ||
230 | return NULL; | ||
231 | } | ||
232 | subject = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred->subject_key); | ||
233 | if (NULL == subject) | ||
234 | { | ||
235 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
236 | "Subject in credential malformed\n"); | ||
237 | GNUNET_free (issuer); | ||
238 | return NULL; | ||
239 | } | ||
240 | GNUNET_STRINGS_base64_encode ((char*)&cred->signature, | ||
241 | sizeof (struct GNUNET_CRYPTO_EcdsaSignature), | ||
242 | &signature); | ||
243 | attribute = (char*)&cred[1]; | ||
244 | exp.abs_value_us = ntohs (cred->expiration); | ||
245 | exp_str = GNUNET_STRINGS_absolute_time_to_string (exp); | ||
246 | cred_obj = json_object (); | ||
247 | json_object_set_new (cred_obj, "issuer", json_string (issuer)); | ||
248 | json_object_set_new (cred_obj, "subject", json_string (subject)); | ||
249 | json_object_set_new (cred_obj, "attribute", json_string (attribute)); | ||
250 | json_object_set_new (cred_obj, "signature", json_string (signature)); | ||
251 | json_object_set_new (cred_obj, "expiration", json_string (exp_str)); | ||
252 | GNUNET_free (issuer); | ||
253 | GNUNET_free (subject); | ||
254 | GNUNET_free (signature); | ||
255 | return cred_obj; | ||
256 | } | ||
257 | |||
258 | /** | ||
259 | * Function called with the result of a Credential lookup. | ||
260 | * | ||
261 | * @param cls the 'const char *' name that was resolved | ||
262 | * @param cd_count number of records returned | ||
263 | * @param cd array of @a cd_count records with the results | ||
264 | */ | ||
265 | static void | ||
266 | handle_verify_response (void *cls, | ||
267 | struct GNUNET_CREDENTIAL_CredentialRecordData *cred, | ||
268 | uint32_t delegation_count, | ||
269 | struct GNUNET_CREDENTIAL_AttributeRecordData *deleg) | ||
270 | { | ||
271 | |||
272 | struct VerifyHandle *handle = cls; | ||
273 | struct MHD_Response *resp; | ||
274 | struct GNUNET_JSONAPI_Document *json_document; | ||
275 | struct GNUNET_JSONAPI_Resource *json_resource; | ||
276 | json_t *cred_obj; | ||
277 | json_t *attr_obj; | ||
278 | json_t *result_array; | ||
279 | char *result; | ||
280 | uint32_t i; | ||
281 | |||
282 | handle->verify_request = NULL; | ||
283 | if (NULL == cred) { | ||
284 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
285 | "Verify failed.\n"); | ||
286 | handle->response_code = MHD_HTTP_NOT_FOUND; | ||
287 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
288 | return; | ||
289 | } | ||
290 | json_document = GNUNET_JSONAPI_document_new (); | ||
291 | json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_CREDENTIAL_TYPEINFO, | ||
292 | handle->issuer_attr); | ||
293 | cred_obj = credential_to_json (cred); | ||
294 | result_array = json_array (); | ||
295 | for (i = 0; i < delegation_count; i++) | ||
296 | { | ||
297 | attr_obj = attribute_delegation_to_json (&(deleg[i])); | ||
298 | json_array_append (result_array, attr_obj); | ||
299 | json_decref (attr_obj); | ||
300 | } | ||
301 | GNUNET_JSONAPI_resource_add_attr (json_resource, | ||
302 | GNUNET_REST_JSONAPI_CREDENTIAL, | ||
303 | cred_obj); | ||
304 | GNUNET_JSONAPI_resource_add_attr (json_resource, | ||
305 | GNUNET_REST_JSONAPI_CREDENTIAL_CHAIN, | ||
306 | result_array); | ||
307 | GNUNET_JSONAPI_document_resource_add (json_document, json_resource); | ||
308 | GNUNET_JSONAPI_document_serialize (json_document, &result); | ||
309 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
310 | "Result %s\n", | ||
311 | result); | ||
312 | json_decref (result_array); | ||
313 | GNUNET_JSONAPI_document_delete (json_document); | ||
314 | resp = GNUNET_REST_create_response (result); | ||
315 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); | ||
316 | GNUNET_free (result); | ||
317 | cleanup_handle (handle); | ||
318 | } | ||
319 | |||
177 | 320 | ||
178 | static void | 321 | static void |
179 | verify_cred_cont (struct GNUNET_REST_RequestHandle *conndata_handle, | 322 | verify_cred_cont (struct GNUNET_REST_RequestHandle *conndata_handle, |
@@ -292,14 +435,14 @@ verify_cred_cont (struct GNUNET_REST_RequestHandle *conndata_handle, | |||
292 | } | 435 | } |
293 | handle->subject_attr = GNUNET_strdup (tmp); | 436 | handle->subject_attr = GNUNET_strdup (tmp); |
294 | GNUNET_free (entity_attr); | 437 | GNUNET_free (entity_attr); |
295 | 438 | ||
296 | handle->verify_request = GNUNET_CREDENTIAL_verify (handle->credential, | 439 | handle->verify_request = GNUNET_CREDENTIAL_verify (handle->credential, |
297 | &handle->issuer_key, | 440 | &handle->issuer_key, |
298 | handle->issuer_attr, | 441 | handle->issuer_attr, |
299 | &handle->subject_key, | 442 | &handle->subject_key, |
300 | handle->subject_attr, | 443 | handle->subject_attr, |
301 | NULL, | 444 | &handle_verify_response, |
302 | NULL); | 445 | handle); |
303 | 446 | ||
304 | } | 447 | } |
305 | 448 | ||
@@ -341,8 +484,8 @@ options_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
341 | */ | 484 | */ |
342 | static void | 485 | static void |
343 | rest_credential_process_request(struct GNUNET_REST_RequestHandle *conndata_handle, | 486 | rest_credential_process_request(struct GNUNET_REST_RequestHandle *conndata_handle, |
344 | GNUNET_REST_ResultProcessor proc, | 487 | GNUNET_REST_ResultProcessor proc, |
345 | void *proc_cls) | 488 | void *proc_cls) |
346 | { | 489 | { |
347 | struct VerifyHandle *handle = GNUNET_new (struct VerifyHandle); | 490 | struct VerifyHandle *handle = GNUNET_new (struct VerifyHandle); |
348 | struct GNUNET_REST_RequestHandlerError err; | 491 | struct GNUNET_REST_RequestHandlerError err; |
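Review bot: In `attribute_delegation_to_json` the block that follows `GNUNET_CRYPTO_ecdsa_public_key_to_string (&attr->subject_key)` has no condition, so every call logs "Subject in credential malformed", leaks `subject` and returns NULL; the guard `if (NULL == subject)` is missing before the opening brace. `handle_verify_response` then hands that NULL to `json_array_append`, which jansson rejects, so a successful verification would be answered with an empty delegation chain and the client cannot see which delegations the decision rested on. In `credential_to_json`, `ntohs (cred->expiration)` keeps only 16 bits of a field the gnsrecord plugin converts with `GNUNET_ntohll`, so the reported expiry is wrong; it should read `exp.abs_value_us = GNUNET_ntohll (cred->expiration);`. Once the guard is restored, `(char*)&attr[1]` together with `deleg[i]` indexing needs a length and NUL-termination check, because as written each attribute string appears to be read from the bytes after a fixed-size array element, and `cred_obj` is passed to `GNUNET_JSONAPI_resource_add_attr` without a NULL check. The doc comment on `handle_verify_response` still names `cd_count` and `cd`, which are not parameters of the function.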
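--- a/src/include/gnunet_credential_service.h
+++ b/src/include/gnunet_credential_service.h
@@ -81,7 +81,7 @@ struct GNUNET_CREDENTIAL_CredentialRecordData {
 /**
 * The signature for this credential by the issuer
 */
-struct GNUNET_CRYPTO_EcdsaSignature sig;
+struct GNUNET_CRYPTO_EcdsaSignature signature;
 
 /**
 * Signature meta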