Diffstat (limited to 'src/credential')
-rw-r--r-- | src/credential/credential_api.c | 22 | ||||
-rw-r--r-- | src/credential/gnunet-credential.c | 34 | ||||
-rw-r--r-- | src/credential/gnunet-service-credential.c | 13 | ||||
-rw-r--r-- | src/credential/plugin_gnsrecord_credential.c | 19 | ||||
-rwxr-xr-x | src/credential/test_credential_issue.sh | 2 | ||||
-rwxr-xr-x | src/credential/test_credential_lookup.sh | 66 | ||||
-rwxr-xr-x | src/credential/test_credential_verify.sh | 62 |
7 files changed, 121 insertions, 97 deletions
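--- a/src/credential/credential_api.c
+++ b/src/credential/credential_api.c
@@ -425,35 +425,29 @@ struct GNUNET_CREDENTIAL_CredentialRecordData *
 GNUNET_CREDENTIAL_issue (struct GNUNET_CREDENTIAL_Handle *handle,
 const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
 struct GNUNET_CRYPTO_EcdsaPublicKey *subject,
-const char *attribute)
+const char *attribute,
+struct GNUNET_TIME_Absolute *expiration)
 {
 struct GNUNET_CREDENTIAL_CredentialRecordData *crd;
-struct GNUNET_CRYPTO_EccSignaturePurpose *purp;
 
 crd = GNUNET_malloc (sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData) + strlen (attribute) + 1);
 
-purp = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey) +
-strlen (attribute) + 1);
-purp->size = htonl (strlen (attribute) + 1 +
+crd->purpose.size = htonl (strlen (attribute) + 1 +
 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey) +
-sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose));
+sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
+sizeof (uint64_t));
 
-purp->purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL);
+crd->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL);
 GNUNET_CRYPTO_ecdsa_key_get_public (issuer,
 &crd->issuer_key);
 crd->subject_key = *subject;
+crd->expiration = GNUNET_htonll (expiration->abs_value_us);
 GNUNET_memcpy (&crd[1],
 attribute,
 strlen (attribute));
-GNUNET_memcpy (&purp[1],
-subject,
-sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
-GNUNET_memcpy (&purp[1] + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey),
-attribute,
-strlen (attribute));
 if (GNUNET_OK !=
 GNUNET_CRYPTO_ecdsa_sign (issuer,
-purp,
+&crd->purpose,
 &crd->sig))
 {
 GNUNET_break (0);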
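Review bot: The signed length in `crd->purpose.size` is still summed by hand and counts a single `GNUNET_CRYPTO_EcdsaPublicKey`, although the record carries both `issuer_key` and `subject_key`. Because the signature is now taken over the record itself starting at `purpose`, that count has to match the struct layout exactly; if both keys follow `purpose` (the struct definition is not part of this diff, so confirm), the signed region ends before the attribute does and its tail is not authenticated. Deriving the length from the struct, e.g. `sizeof (*crd) - offsetof (struct GNUNET_CREDENTIAL_CredentialRecordData, purpose) + strlen (attribute) + 1`, keeps the two in step. Separately, `expiration` is dereferenced without a NULL check; a `GNUNET_assert (NULL != expiration);` or a documented non-NULL contract would cover it. The function body continues past the end of the hunk.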
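--- a/src/credential/gnunet-credential.c
+++ b/src/credential/gnunet-credential.c
@@ -68,6 +68,11 @@ static char *subject_key;
 static char *subject_credential;
 
 /**
+* Credential TTL
+*/
+static char *expiration;
+
+/**
 * Subject key
 */
 struct GNUNET_CRYPTO_EcdsaPublicKey subject_pkey;
@@ -180,6 +185,8 @@ identity_cb (void *cls,
 {
 const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey;
 struct GNUNET_CREDENTIAL_CredentialRecordData *crd;
+struct GNUNET_TIME_Absolute etime_abs;
+struct GNUNET_TIME_Relative etime_rel;
 char *res;
 
 el = NULL;
@@ -194,13 +201,35 @@ identity_cb (void *cls,
 GNUNET_SCHEDULER_shutdown ();
 return;
 }
+if (NULL == expiration)
+{
+fprintf (stderr,
+"Please specify a TTL\n");
+GNUNET_SCHEDULER_shutdown ();
+return;
+} else if (GNUNET_OK == GNUNET_STRINGS_fancy_time_to_relative (expiration,
+&etime_rel))
+{
+etime_abs = GNUNET_TIME_relative_to_absolute (etime_rel);
+} else if (GNUNET_OK != GNUNET_STRINGS_fancy_time_to_absolute (expiration,
+&etime_abs))
+{
+fprintf (stderr,
+"%s is not a valid ttl!\n",
+expiration);
+GNUNET_SCHEDULER_shutdown ();
+return;
+}
+
+
 privkey = GNUNET_IDENTITY_ego_get_private_key (ego);
 GNUNET_free_non_null (issuer_ego_name);
 issuer_ego_name = NULL;
 crd = GNUNET_CREDENTIAL_issue (credential,
 privkey,
 &subject_pkey,
-issuer_attr);
+issuer_attr,
+&etime_abs);
 res = GNUNET_GNSRECORD_value_to_string (GNUNET_GNSRECORD_TYPE_CREDENTIAL,
 crd,
 sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData) + strlen (issuer_attr) + 1);
@@ -353,6 +382,9 @@ main (int argc, char *const *argv)
 {'a', "attribute", "ATTR",
 gettext_noop ("The issuer attribute to verify against or to issue"), 1,
 &GNUNET_GETOPT_set_string, &issuer_attr},
+{'T', "ttl", "EXP",
+gettext_noop ("The time to live for the credential"), 1,
+&GNUNET_GETOPT_set_string, &expiration},
 GNUNET_GETOPT_OPTION_END
 };
 int ret;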
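Review bot: The TTL branch added to identity_cb accepts any value that parses, so an absolute time in the past or a zero relative time produces a credential that is already expired when it is signed; nothing in the hunk compares `etime_abs` with the current time. A check after parsing, such as `if (0 == GNUNET_TIME_absolute_get_remaining (etime_abs).rel_value_us)` followed by an error message and shutdown, would reject that. The `Credential TTL` comment and the `--ttl` help text could also state that both relative (`5m`) and absolute forms are accepted, since the code tries `GNUNET_STRINGS_fancy_time_to_relative` first and falls back to `GNUNET_STRINGS_fancy_time_to_absolute`. identity_cb starts and ends outside the hunk.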
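--- a/src/credential/gnunet-service-credential.c
+++ b/src/credential/gnunet-service-credential.c
@@ -326,7 +326,6 @@ send_lookup_response (void* cls,
 struct GNUNET_MQ_Envelope *env;
 struct VerifyResultMessage *rmsg;
 const struct GNUNET_CREDENTIAL_CredentialRecordData *crd;
-struct GNUNET_CRYPTO_EccSignaturePurpose *purp;
 struct CredentialRecordEntry *cr_entry;
 uint32_t cred_verified;
 
@@ -360,23 +359,13 @@ send_lookup_response (void* cls,
 GNUNET_CONTAINER_DLL_insert_tail (vrh->cred_chain_head,
 vrh->cred_chain_tail,
 cr_entry);
-purp = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
-sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey) +
-strlen ((char*)&crd[1]) +1 );
-purp->size = htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
-sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey) +
-strlen ((char*)&crd[1]) +1 );
-
-purp->purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL);
 if(GNUNET_OK == GNUNET_CRYPTO_ecdsa_verify(GNUNET_SIGNATURE_PURPOSE_CREDENTIAL,
-purp,
+&crd->purpose,
 &crd->sig,
 &crd->issuer_key))
 {
-GNUNET_free (purp);
 break;
 }
-GNUNET_free (purp);
 
 }
 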
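Review bot: `GNUNET_CRYPTO_ecdsa_verify` is now handed `&crd->purpose` straight from the looked-up record, so the length it verifies over is the record's own `purpose.size`, and the hunk shows no check that `ntohl (crd->purpose.size)` fits inside the record data before the call. A record declaring a larger size than it actually carries could make verification read past the buffer, so a bound check against the record's data size (which variable holds it is not visible here) belongs before the verify. The commit also adds an expiration to the credential, but nothing in this loop compares `crd->expiration` with the current time; unless that happens elsewhere, an expired credential with a valid signature would still be accepted, and a test using `GNUNET_TIME_absolute_get_remaining` on the decoded value would sit naturally next to the signature check. send_lookup_response continues outside both hunks.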
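--- a/src/credential/plugin_gnsrecord_credential.c
+++ b/src/credential/plugin_gnsrecord_credential.c
@@ -74,10 +74,13 @@ credential_value_to_string (void *cls,
 case GNUNET_GNSRECORD_TYPE_CREDENTIAL:
 {
 struct GNUNET_CREDENTIAL_CredentialRecordData cred;
+struct GNUNET_TIME_Absolute etime_abs;
 char *cred_str;
 char *subject_pkey;
 char *issuer_pkey;
 char *signature;
+const char *expiration;
+
 
 if (data_size < sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData))
 return NULL; /* malformed */
@@ -87,14 +90,17 @@ credential_value_to_string (void *cls,
 cdata = data;
 subject_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred.subject_key);
 issuer_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred.issuer_key);
+etime_abs.abs_value_us = GNUNET_ntohll(cred.expiration);
+expiration = GNUNET_STRINGS_absolute_time_to_string (etime_abs);
 GNUNET_STRINGS_base64_encode ((char*)&cred.sig,
 sizeof (struct GNUNET_CRYPTO_EcdsaSignature),
 &signature);
 GNUNET_asprintf (&cred_str,
-"%s.%s -> %s sig:%s",
+"%s.%s -> %s exp:%s sig:%s",
 issuer_pkey,
 &cdata[sizeof (cred)],
 subject_pkey,
+expiration,
 signature);
 GNUNET_free (subject_pkey);
 GNUNET_free (issuer_pkey);
@@ -141,13 +147,17 @@ credential_string_to_value (void *cls,
 char issuer_pkey[enclen + 1];
 char name[253 + 1];
 char signature[128]; //TODO max payload size
+char expiration[256];
+
 struct GNUNET_CRYPTO_EcdsaSignature *sig;
+struct GNUNET_TIME_Absolute etime_abs;
 
-if (4 != SSCANF (s,
-"%52s.%253s -> %52s sig:%s",
+if (5 != SSCANF (s,
+"%52s.%253s -> %52s exp:%255s sig:%127s",
 issuer_pkey,
 name,
 subject_pkey,
+expiration,
 signature))
 {
 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
@@ -163,10 +173,13 @@ credential_string_to_value (void *cls,
 GNUNET_CRYPTO_ecdsa_public_key_from_string (issuer_pkey,
 strlen (issuer_pkey),
 &cred->issuer_key);
+GNUNET_STRINGS_fancy_time_to_absolute (expiration,
+&etime_abs);
 GNUNET_STRINGS_base64_decode (signature,
 strlen (signature),
 (char**)&sig);
 cred->sig = *sig;
+cred->expiration = htonl (etime_abs.abs_value_us);
 GNUNET_free (sig);
 GNUNET_memcpy (&cred[1],
 name,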
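Review bot: In credential_string_to_value the expiration is stored with `cred->expiration = htonl (etime_abs.abs_value_us);`, which truncates the 64-bit microsecond value to 32 bits, while GNUNET_CREDENTIAL_issue writes the field with `GNUNET_htonll` and credential_value_to_string reads it with `GNUNET_ntohll`; the line should be `cred->expiration = GNUNET_htonll (etime_abs.abs_value_us);`. Since the expiration is part of the signed record, a credential parsed back from its string form would presumably no longer verify, or would carry a different expiry than the issuer signed. The return value of `GNUNET_STRINGS_fancy_time_to_absolute` is also ignored, so a malformed `exp:` field leaves `etime_abs` uninitialized; the call should be compared with `GNUNET_OK` and the conversion failed otherwise. Worth confirming as well: the output of `GNUNET_STRINGS_absolute_time_to_string` may contain spaces, which `exp:%255s` would not read back as a single token.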
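--- a/src/credential/test_credential_issue.sh
+++ b/src/credential/test_credential_issue.sh
@@ -29,7 +29,7 @@ gnunet-identity -C testsubject -c test_credential_lookup.conf
 SUBJECT_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testsubject | awk '{print $3}')
 ISSUER_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testissuer | awk '{print $3}')
 #TODO1 Get credential and store it with subject (3)
-$DO_TIMEOUT gnunet-credential --issue --ego=testissuer --subject=$SUBJECT_KEY --attribute=$TEST_ATTR -c test_credential_lookup.conf
+$DO_TIMEOUT valgrind gnunet-credential --issue --ego=testissuer --subject=$SUBJECT_KEY --attribute=$TEST_ATTR --ttl=5m -c test_credential_lookup.conf
 STATUS=$?
 
 gnunet-arm -e -c test_credential_lookup.conf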
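Review bot: Prefixing the issue command with `valgrind` makes the test depend on valgrind being installed, and `STATUS=$?` only reflects memory errors if valgrind is told to report them through its exit code. Either drop the wrapper from the committed test or make it optional and explicit, e.g. `$DO_TIMEOUT ${VALGRIND:+valgrind --error-exitcode=1} gnunet-credential ...`, so a machine without valgrind still runs the test and a machine with it fails on findings.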
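--- a/src/credential/test_credential_lookup.sh
+++ /dev/null
@@ -1,66 +0,0 @@
-#!/bin/bash
-trap "gnunet-arm -e -c test_credential_lookup.conf" SIGINT
-
-LOCATION=$(which gnunet-config)
-if [ -z $LOCATION ]
-then
-LOCATION="gnunet-config"
-fi
-$LOCATION --version 1> /dev/null
-if test $? != 0
-then
-echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX"
-exit 77
-fi
-
-rm -rf `gnunet-config -c test_credential_lookup.conf -s PATHS -o GNUNET_HOME -f`
-
-# (1) PKEY1.user -> PKEY2.resu.user
-# (2) PKEY2.resu -> PKEY3
-# (3) PKEY3.user -> PKEY4
-
-
-which timeout &> /dev/null && DO_TIMEOUT="timeout 30"
-TEST_ISSUER="PKEY1"
-TEST_ATTR="user"
-TEST_SUB_ATTR="resu"
-TEST_DELEGATION_SUBJECT="PKEY2"
-TEST_DELEGATION_ATTR="$TEST_SUB_ATTR.$TEST_ATTR"
-TEST_SUBDELEGATION_SUBJECT="PKEY3"
-TEST_SUBJECT="PKEY4"
-TEST_CREDENTIAL="c1"
-gnunet-arm -s -c test_credential_lookup.conf
-gnunet-identity -C testone -c test_credential_lookup.conf
-gnunet-identity -C testtwo -c test_credential_lookup.conf
-gnunet-identity -C testthree -c test_credential_lookup.conf
-gnunet-identity -C testfour -c test_credential_lookup.conf
-
-#TODO1 Get credential and store it with subject (3)
-CRED=`$DO_TIMEOUT gnunet-credential --issue --issuer=$TEST_SUBDELEGATION_SUBJECT --attribute=$TEST_SUB_ATTR --expiration 1m -c test_credential_lookup.conf`
-gnunet-namestore -p -z testfour -a -n $TEST_CREDENTIAL -t CRED -V $CRED -e 5m -c test_credential_lookup.conf
-
-# (1)
-gnunet-namestore -p -z testone -a -n $TEST_ATTR -t ATTR -V "$TEST_DELEGATION_SUBJECT $TEST_DELEGATION_ATTR"
-
-# (2)
-gnunet-namestore -p -z testtwo -a -n $TEST_SUB_ATTR -t ATTR -V "$TEST_SUBDELEGATION_SUBJECT"
-
-
-#TODO2 Add -z swich like in gnunet-gns
-RES_IP=`$DO_TIMEOUT gnunet-credential --verify --issuer=$TEST_ISSUER --attribute="$TEST_DELEGATION_ATTR" --subject=$TEST_SUBJECT --credential=$TEST_CREDENTIAL -c test_credential_lookup.conf`
-
-#TODO cleanup properly
-gnunet-namestore -z testsubject -d -n newcred -t CRED -e never -c test_credential_lookup.conf
-gnunet-identity -D testsubject -c test_credential_lookup.conf
-gnunet-arm -e -c test_credential_lookup.conf
-
-#TODO3 proper test
-exit 0
-
-#if [ "$RES_IP" == "$TEST_CRED" ]
-#then
-# exit 0
-#else
-# echo "FAIL: Failed to resolve to proper IP, got $RES_IP."
-# exit 1
-#fi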
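--- /dev/null
+++ b/src/credential/test_credential_verify.sh
@@ -0,0 +1,62 @@
+#!/bin/bash
+trap "gnunet-arm -e -c test_credential_lookup.conf" SIGINT
+
+LOCATION=$(which gnunet-config)
+if [ -z $LOCATION ]
+then
+LOCATION="gnunet-config"
+fi
+$LOCATION --version 1> /dev/null
+if test $? != 0
+then
+echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX"
+exit 77
+fi
+
+rm -rf `gnunet-config -c test_credential_lookup.conf -s PATHS -o GNUNET_HOME -f`
+
+# (1) Authority.test -> Intermediate.org.user
+# (2) Intermediate.org -> Issuer
+# (3) Issuer.user -> Subject
+
+
+which timeout &> /dev/null && DO_TIMEOUT="timeout 30"
+gnunet-arm -s -c test_credential_lookup.conf
+gnunet-identity -C testissuer -c test_credential_lookup.conf
+gnunet-identity -C testsubject -c test_credential_lookup.conf
+gnunet-identity -C testintermediate -c test_credential_lookup.conf
+gnunet-identity -C testauthority -c test_credential_lookup.conf
+
+TEST_ATTR="user"
+INTERMEDIATE_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testintermediate | awk '{print $3}')
+SUBJECT_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testsubject | awk '{print $3}')
+ISSUER_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testissuer | awk '{print $3}')
+CRED=`$DO_TIMEOUT gnunet-credential --issue --ego=testissuer --subject=$SUBJECT_KEY --attribute=$TEST_ATTR -c test_credential_lookup.conf`
+
+TEST_CREDENTIAL="t1"
+gnunet-namestore -p -z testsubject -a -n $TEST_CREDENTIAL -t CRED -V "$CRED" -e 5m -c test_credential_lookup.conf
+
+INTERMEDIATE_ATTR="org"
+gnunet-namestore -p -z testintermediate -a -n $INTERMEDIATE_ATTR -t ATTR -V "$ISSUER_KEY" -e 5m -c test_credential_lookup.conf
+
+AUTHORITY_ATTR="test"
+gnunet-namestore -p -z testauthority -a -n $AUTHORITY_ATTR -t ATTR -V "$INTERMEDIATE_KEY $INTERMEDIATE_ATTR.$TEST_ATTR" -e 5m -c test_credential_lookup.conf
+
+#TODO2 Add -z swich like in gnunet-gns
+#RES_CRED=`$DO_TIMEOUT gnunet-credential --verify --issuer=$ISSUER_KEY --attribute="$TEST_ATTR" --subject=$SUBJECT_KEY --credential=$TEST_CREDENTIAL -c test_credential_lookup.conf`
+valgrind gnunet-credential --verify --issuer=$AUTHORITY_KEY --attribute=$AUTHORITY_ATTR --subject=$SUBJECT_KEY --credential=$TEST_CREDENTIAL -c test_credential_lookup.conf
+
+#TODO cleanup properly
+gnunet-namestore -z testsubject -d -n $TEST_CREDENTIAL -t CRED -e never -c test_credential_lookup.conf
+gnunet-arm -e -c test_credential_lookup.conf
+
+#TODO3 proper test
+exit 0
+
+if [ "$RES_CRED" == "Ok!" ]
+then
+exit 0
+else
+echo "FAIL: Failed to verify credential $RES_IP."
+exit 1
+fi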
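Review bot: The `--verify` call passes `--issuer=$AUTHORITY_KEY`, but the script only assigns INTERMEDIATE_KEY, SUBJECT_KEY and ISSUER_KEY, so the issuer argument is empty; an assignment such as `AUTHORITY_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testauthority | awk '{print $3}')` is missing. The `--issue` call that fills `CRED` has no `--ttl`, which gnunet-credential rejects with `Please specify a TTL` as of this same commit, so `$CRED` would be empty when it is stored. The unconditional `exit 0` before the final `if` makes the result check unreachable, `RES_CRED` is never set because its assignment is commented out, and the failure message prints `$RES_IP`. As written the script reports success whatever the verification returns, so it gives no coverage of the signature and expiration handling this commit changes.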