Diffstat (limited to 'src/credential/gnunet-credential.c')
-rw-r--r-- | src/credential/gnunet-credential.c | 294 |
1 files changed, 155 insertions, 139 deletions
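diff --git a/src/credential/gnunet-credential.c b/src/credential/gnunet-credential.c
index 07148a1b5..5cc1a791e 100644
--- a/src/credential/gnunet-credential.c
+++ b/src/credential/gnunet-credential.c
@@ -27,7 +27,6 @@
 #include <gnunet_credential_service.h>
 #include <gnunet_gnsrecord_lib.h>
 #include <gnunet_namestore_service.h>
-#include "credential_misc.h"
 #include "delegate_misc.h"
 #include "credential_serialization.h"
 
@@ -82,9 +81,9 @@ static struct GNUNET_SCHEDULER_Task *tt;
 static char *subject;
 
 /**
-* Subject credential string
+* Subject delegate string
 */
-static char *subject_credential;
+static char *subject_delegate;
 
 /**
 * Credential TTL
@@ -123,11 +122,6 @@ static char *issuer_attr;
 static int verify;
 
 /**
-* Issue mode
-*/
-static int create_cred;
-
-/**
 * Collect mode
 */
 static int collect;
@@ -153,6 +147,26 @@ static int sign_ss;
 static char *import;
 
 /**
+* Is record private
+*/
+static int is_private;
+
+/**
+* Search direction: forward
+*/
+static int forward;
+
+/**
+* Search direction: backward
+*/
+static int backward;
+
+/**
+* API enum, filled and passed for collect/verify
+*/
+enum GNUNET_CREDENTIAL_AlgoDirectionFlags direction = 0;
+
+/**
 * Queue entry for the 'add' operation.
 */
 static struct GNUNET_NAMESTORE_QueueEntry *add_qe;
@@ -268,8 +282,10 @@ handle_collect_result (void *cls,
 printf ("%s\n", line);
 GNUNET_free (line);
 }
-} else {
-printf("Received NULL\n");
+}
+else
+{
+printf ("Received NULL\n");
 }
 
 GNUNET_SCHEDULER_shutdown ();
@@ -344,10 +360,6 @@ static void
 identity_cb (void *cls, const struct GNUNET_IDENTITY_Ego *ego)
 {
 const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey;
-struct GNUNET_CREDENTIAL_Credential *cred;
-struct GNUNET_TIME_Absolute etime_abs;
-struct GNUNET_TIME_Relative etime_rel;
-char *res;
 
 el = NULL;
 if (NULL == ego)
@@ -381,44 +393,11 @@ identity_cb (void *cls, const struct GNUNET_IDENTITY_Ego *ego)
 &issuer_pkey,
 issuer_attr, //TODO argument
 privkey,
+direction,
 &handle_collect_result,
 NULL);
 return;
 }
-
-//Else issue
-
-if (NULL == expiration)
-{
-fprintf (stderr, "Please specify a TTL\n");
-GNUNET_SCHEDULER_shutdown ();
-return;
-}
-else if (GNUNET_OK ==
-GNUNET_STRINGS_fancy_time_to_relative (expiration, &etime_rel))
-{
-etime_abs = GNUNET_TIME_relative_to_absolute (etime_rel);
-}
-else if (GNUNET_OK !=
-GNUNET_STRINGS_fancy_time_to_absolute (expiration, &etime_abs))
-{
-fprintf (stderr, "%s is not a valid ttl!\n", expiration);
-GNUNET_SCHEDULER_shutdown ();
-return;
-}
-
-
-privkey = GNUNET_IDENTITY_ego_get_private_key (ego);
-GNUNET_free_non_null (ego_name);
-ego_name = NULL;
-cred = GNUNET_CREDENTIAL_credential_issue (privkey,
-&subject_pkey,
-issuer_attr,
-&etime_abs);
-
-res = GNUNET_CREDENTIAL_credential_to_string (cred);
-GNUNET_free (cred);
-printf ("%s\n", res);
 GNUNET_SCHEDULER_shutdown ();
 }
 
@@ -506,9 +485,9 @@ get_existing_record (void *cls,
 rde->record_type = type;
 // Flags not required , TODO what have we said we do with that now? Look it up in my writing
 /*if (1 == is_shadow)
-rde->flags |= GNUNET_GNSRECORD_RF_SHADOW_RECORD;
-if (1 != is_public)
-rde->flags |= GNUNET_GNSRECORD_RF_PRIVATE;*/
+rde->flags |= GNUNET_GNSRECORD_RF_SHADOW_RECORD;*/
+if (GNUNET_YES == is_private)
+rde->flags |= GNUNET_GNSRECORD_RF_PRIVATE;
 rde->expiration_time = etime;
 if (GNUNET_YES == etime_is_rel)
 rde->flags |= GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION;
@@ -751,6 +730,7 @@ run (void *cls,
 
 if (GNUNET_YES == create_ss)
 {
+
 // check if signed parameter has been passed in cmd line call
 if (NULL == import)
 {
@@ -787,6 +767,20 @@ run (void *cls,
 return;
 }
 
+if (GNUNET_NO == forward && GNUNET_NO == backward)
+{
+fprintf (
+stderr,
+_ (
+"You must state which search direction: '--forward' or '--backward'\n"));
+GNUNET_SCHEDULER_shutdown ();
+return;
+}
+if (GNUNET_YES == forward)
+direction |= GNUNET_CREDENTIAL_FLAG_FORWARD;
+if (GNUNET_YES == backward)
+direction |= GNUNET_CREDENTIAL_FLAG_BACKWARD;
+
 if (GNUNET_YES == collect)
 {
 if (NULL == issuer_key)
@@ -840,6 +834,15 @@ run (void *cls,
 
 if (GNUNET_YES == verify)
 {
+if (GNUNET_NO == forward && GNUNET_NO == backward)
+{
+fprintf (
+stderr,
+_ (
+"You must state which search direction: '-forward' or 'backward'\n"));
+GNUNET_SCHEDULER_shutdown ();
+return;
+}
 if (NULL == issuer_key)
 {
 fprintf (stderr, _ ("Issuer public key not well-formed\n"));
@@ -865,7 +868,7 @@ run (void *cls,
 GNUNET_SCHEDULER_shutdown ();
 return;
 }
-if (NULL == issuer_attr || NULL == subject_credential)
+if (NULL == issuer_attr || NULL == subject_delegate)
 {
 fprintf (stderr, _ ("You must provide issuer and subject attributes\n"));
 GNUNET_SCHEDULER_shutdown ();
@@ -873,7 +876,7 @@ run (void *cls,
 }
 
 //Subject credentials are comma separated
-char *tmp = GNUNET_strdup (subject_credential);
+char *tmp = GNUNET_strdup (subject_delegate);
 char *tok = strtok (tmp, ",");
 if (NULL == tok)
 {
@@ -886,20 +889,20 @@ run (void *cls,
 int i;
 while (NULL != (tok = strtok (NULL, ",")))
 count++;
-struct GNUNET_CREDENTIAL_Delegate credentials[count];
-struct GNUNET_CREDENTIAL_Delegate *cred;
+struct GNUNET_CREDENTIAL_Delegate delegates[count];
+struct GNUNET_CREDENTIAL_Delegate *dele;
 GNUNET_free (tmp);
-tmp = GNUNET_strdup (subject_credential);
+tmp = GNUNET_strdup (subject_delegate);
 tok = strtok (tmp, ",");
 for (i = 0; i < count; i++)
 {
-cred = GNUNET_CREDENTIAL_delegate_from_string (tok);
-GNUNET_memcpy (&credentials[i],
-cred,
+dele = GNUNET_CREDENTIAL_delegate_from_string (tok);
+GNUNET_memcpy (&delegates[i],
+dele,
 sizeof (struct GNUNET_CREDENTIAL_Delegate));
-credentials[i].issuer_attribute = GNUNET_strdup (cred->issuer_attribute);
+delegates[i].issuer_attribute = GNUNET_strdup (dele->issuer_attribute);
 tok = strtok (NULL, ",");
-GNUNET_free (cred);
+GNUNET_free (dele);
 }
 
 verify_request = GNUNET_CREDENTIAL_verify (credential,
@@ -907,27 +910,16 @@ run (void *cls,
 issuer_attr, //TODO argument
 &subject_pkey,
 count,
-credentials,
+delegates,
+direction,
 &handle_verify_result,
 NULL);
 for (i = 0; i < count; i++)
 {
-GNUNET_free ((char *) credentials[i].issuer_attribute);
+GNUNET_free ((char *) delegates[i].issuer_attribute);
 }
 GNUNET_free (tmp);
 }
-else if (GNUNET_YES == create_cred)
-{
-if (NULL == ego_name)
-{
-fprintf (stderr, _ ("Issuer ego required\n"));
-GNUNET_SCHEDULER_shutdown ();
-return;
-}
-el = GNUNET_IDENTITY_ego_lookup (cfg, ego_name, &identity_cb, (void *) cfg);
-
-return;
-}
 else
 {
 fprintf (stderr,
@@ -949,70 +941,94 @@ run (void *cls,
 int
 main (int argc, char *const *argv)
 {
-struct GNUNET_GETOPT_CommandLineOption options[] = {
-GNUNET_GETOPT_option_flag ('I',
-"issue",
-gettext_noop ("create credential"),
-&create_cred),
-GNUNET_GETOPT_option_flag ('V',
-"verify",
-gettext_noop ("verify credential against attribute"),
-&verify),
-GNUNET_GETOPT_option_string ('s',
-"subject",
-"PKEY",
-gettext_noop ("The public key of the subject to lookup the"
-"credential for, or for issuer side storage: subject and its attributes"),
-&subject),
-GNUNET_GETOPT_option_string ('b',
-"credential",
-"CRED",
-gettext_noop ("The name of the credential presented by the subject"),
-&subject_credential),
-GNUNET_GETOPT_option_string ('i',
-"issuer",
-"PKEY",
-gettext_noop ("The public key of the authority to verify the credential against"),
-&issuer_key),
-GNUNET_GETOPT_option_string ('e',
-"ego",
-"EGO",
-gettext_noop ("The ego/zone name to use"),
-&ego_name),
-GNUNET_GETOPT_option_string ('a',
-"attribute",
-"ATTR",
-gettext_noop ("The issuer attribute to verify against or to issue"),
-&issuer_attr),
-GNUNET_GETOPT_option_string ('T',
-"ttl",
-"EXP",
-gettext_noop ("The time to live for the credential."
-"e.g. 5m, 6h, \"1990-12-30 12:00:00\""),
-&expiration),
-GNUNET_GETOPT_option_flag ('g',
-"collect",
-gettext_noop ("collect credentials"),
-&collect),
-GNUNET_GETOPT_option_flag ('U',
-"createIssuerSide",
-gettext_noop ("Create and issue a credential issuer side."),
-&create_is),
-GNUNET_GETOPT_option_flag ('C',
-"createSubjectSide",
-gettext_noop ("Issue a credential subject side."),
-&create_ss),
-GNUNET_GETOPT_option_flag ('S',
-"signSubjectSide",
-gettext_noop ("Create, sign and return a credential subject side."),
-&sign_ss),
-GNUNET_GETOPT_option_string ('x',
-"import",
-"IMP",
-gettext_noop ("Import signed credentials that should be issued to a zone/ego"),
-&import),
-GNUNET_GETOPT_OPTION_END
-};
+struct GNUNET_GETOPT_CommandLineOption options[] =
+{GNUNET_GETOPT_option_flag ('V',
+"verify",
+gettext_noop (
+"verify credential against attribute"),
+&verify),
+GNUNET_GETOPT_option_string (
+'s',
+"subject",
+"PKEY",
+gettext_noop (
+"The public key of the subject to lookup the"
+"credential for, or for issuer side storage: subject and its attributes"),
+&subject),
+GNUNET_GETOPT_option_string (
+'d',
+"delegate",
+"DELE",
+gettext_noop ("The private, signed delegate presented by the subject"),
+&subject_delegate),
+GNUNET_GETOPT_option_string (
+'i',
+"issuer",
+"PKEY",
+gettext_noop (
+"The public key of the authority to verify the credential against"),
+&issuer_key),
+GNUNET_GETOPT_option_string ('e',
+"ego",
+"EGO",
+gettext_noop ("The ego/zone name to use"),
+&ego_name),
+GNUNET_GETOPT_option_string (
+'a',
+"attribute",
+"ATTR",
+gettext_noop ("The issuer attribute to verify against or to issue"),
+&issuer_attr),
+GNUNET_GETOPT_option_string ('T',
+"ttl",
+"EXP",
+gettext_noop (
+"The time to live for the credential."
+"e.g. 5m, 6h, \"1990-12-30 12:00:00\""),
+&expiration),
+GNUNET_GETOPT_option_flag ('g',
+"collect",
+gettext_noop ("collect credentials"),
+&collect),
+GNUNET_GETOPT_option_flag ('U',
+"createIssuerSide",
+gettext_noop (
+"Create and issue a credential issuer side."),
+&create_is),
+GNUNET_GETOPT_option_flag ('C',
+"createSubjectSide",
+gettext_noop (
+"Issue a credential subject side."),
+&create_ss),
+GNUNET_GETOPT_option_flag (
+'S',
+"signSubjectSide",
+gettext_noop ("Create, sign and return a credential subject side."),
+&sign_ss),
+GNUNET_GETOPT_option_string (
+'x',
+"import",
+"IMP",
+gettext_noop (
+"Import signed credentials that should be issued to a zone/ego"),
+&import),
+GNUNET_GETOPT_option_flag ('P',
+"private",
+gettext_noop ("Create private record entry."),
+&is_private),
+GNUNET_GETOPT_option_flag (
+'F',
+"forward",
+gettext_noop (
+"Indicates that the collect/verify process is done via forward search."),
+&forward),
+GNUNET_GETOPT_option_flag (
+'B',
+"backward",
+gettext_noop (
+"Indicates that the collect/verify process is done via forward search."),
+&backward),
+GNUNET_GETOPT_OPTION_END};
 int ret;
 
 timeout = GNUNET_TIME_UNIT_FOREVER_REL;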
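Review bot: In the verify branch, `dele = GNUNET_CREDENTIAL_delegate_from_string (tok);` (new line 899) is handed straight to GNUNET_memcpy and dereferenced for `dele->issuer_attribute` with no NULL check, so if delegate_from_string signals a malformed `--delegate` token by returning NULL, a crafted command line crashes the tool instead of reporting the bad input; that function is not visible here, so confirm its failure contract, and if NULL is possible add `if (NULL == dele) { fprintf (stderr, _ ("Malformed delegate '%s'\n"), tok); GNUNET_free (tmp); GNUNET_SCHEDULER_shutdown (); return; }` before the memcpy, freeing the issuer_attribute strings already duplicated for earlier entries on that path as well. The second direction check at new lines 837–845 cannot fire, because the identical test at 770–778 already returns before the collect/verify branches are reached, and its message quotes `'-forward' or 'backward'` inconsistently with the first; dropping it removes a dead branch and a second diverging error text. The `--backward` help string at new line 1029 is a copy of the `--forward` one and should read `"Indicates that the collect/verify process is done via backward search."`. run() begins and ends outside these hunks.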