aboutsummaryrefslogtreecommitdiff
path: root/src/credential
diff options
context:
space:
mode:
Diffstat (limited to 'src/credential')
-rw-r--r--src/credential/gnunet-service-credential.c19
-rw-r--r--src/credential/plugin_rest_credential.c154
2 files changed, 153 insertions, 20 deletions
diff --git a/src/credential/gnunet-service-credential.c b/src/credential/gnunet-service-credential.c
index 4841370b3..ec89da323 100644
--- a/src/credential/gnunet-service-credential.c
+++ b/src/credential/gnunet-service-credential.c
@@ -880,19 +880,22 @@ static void
880handle_verify (void *cls, 880handle_verify (void *cls,
881 const struct VerifyMessage *v_msg) 881 const struct VerifyMessage *v_msg)
882{ 882{
883 char attr[GNUNET_CREDENTIAL_MAX_LENGTH + 1];
884 char issuer_attribute[GNUNET_CREDENTIAL_MAX_LENGTH + 1];
885 struct VerifyRequestHandle *vrh; 883 struct VerifyRequestHandle *vrh;
886 struct GNUNET_SERVICE_Client *client = cls; 884 struct GNUNET_SERVICE_Client *client = cls;
885 struct CredentialRecordEntry *cr_entry;
886 uint32_t credentials_count;
887 uint32_t credential_data_size;
888 int i;
889 char attr[GNUNET_CREDENTIAL_MAX_LENGTH + 1];
890 char issuer_attribute[GNUNET_CREDENTIAL_MAX_LENGTH + 1];
887 char *attrptr = attr; 891 char *attrptr = attr;
892 char *credential_data;
888 const char *utf_in; 893 const char *utf_in;
889 894
890 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 895 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
891 "Received VERIFY message\n"); 896 "Received VERIFY message\n");
892
893 utf_in = (const char *) &v_msg[1]; 897 utf_in = (const char *) &v_msg[1];
894 GNUNET_STRINGS_utf8_tolower (utf_in, attrptr); 898 GNUNET_STRINGS_utf8_tolower (utf_in, attrptr);
895
896 GNUNET_memcpy (issuer_attribute, attr, ntohs (v_msg->issuer_attribute_len)); 899 GNUNET_memcpy (issuer_attribute, attr, ntohs (v_msg->issuer_attribute_len));
897 issuer_attribute[ntohs (v_msg->issuer_attribute_len)] = '\0'; 900 issuer_attribute[ntohs (v_msg->issuer_attribute_len)] = '\0';
898 vrh = GNUNET_new (struct VerifyRequestHandle); 901 vrh = GNUNET_new (struct VerifyRequestHandle);
@@ -913,15 +916,13 @@ handle_verify (void *cls,
913 * First, collect credentials 916 * First, collect credentials
914 * TODO: cleanup! 917 * TODO: cleanup!
915 */ 918 */
916 uint32_t credentials_count = ntohl(v_msg->c_count); 919 credentials_count = ntohl(v_msg->c_count);
917 int i; 920 credential_data_size = ntohs (v_msg->header.size)
918 uint32_t credential_data_size = ntohs (v_msg->header.size)
919 - sizeof (struct VerifyMessage) 921 - sizeof (struct VerifyMessage)
920 - ntohs (v_msg->issuer_attribute_len) 922 - ntohs (v_msg->issuer_attribute_len)
921 - 1; 923 - 1;
922 struct GNUNET_CREDENTIAL_Credential credentials[credentials_count]; 924 struct GNUNET_CREDENTIAL_Credential credentials[credentials_count];
923 char *credential_data = (char*)&v_msg[1] + ntohs (v_msg->issuer_attribute_len) + 1; 925 credential_data = (char*)&v_msg[1] + ntohs (v_msg->issuer_attribute_len) + 1;
924 struct CredentialRecordEntry *cr_entry;
925 if (GNUNET_OK != GNUNET_CREDENTIAL_credentials_deserialize (credential_data_size, 926 if (GNUNET_OK != GNUNET_CREDENTIAL_credentials_deserialize (credential_data_size,
926 credential_data, 927 credential_data,
927 credentials_count, 928 credentials_count,
diff --git a/src/credential/plugin_rest_credential.c b/src/credential/plugin_rest_credential.c
index f13e26cd4..0d469f5de 100644
--- a/src/credential/plugin_rest_credential.c
+++ b/src/credential/plugin_rest_credential.c
@@ -245,6 +245,76 @@ attribute_delegation_to_json (struct GNUNET_CREDENTIAL_Delegation *delegation_ch
245} 245}
246 246
247/** 247/**
248 * JSONAPI resource to Credential
249 * @param res the JSONAPI resource
250 * @return the resulting credential, NULL if failed
251 */
252static struct GNUNET_CREDENTIAL_Credential*
253json_to_credential (json_t *res)
254{
255 struct GNUNET_CREDENTIAL_Credential *cred;
256 json_t *tmp;
257 const char *attribute;
258 const char *signature;
259 char *sig;
260
261 tmp = json_object_get (res, "attribute");
262 if (0 == json_is_string (tmp))
263 {
264 return NULL;
265 }
266 attribute = json_string_value (tmp);
267 cred = GNUNET_malloc (sizeof (struct GNUNET_CREDENTIAL_Credential)
268 + strlen (attribute));
269 cred->issuer_attribute = attribute;
270 cred->issuer_attribute_len = strlen (attribute);
271 tmp = json_object_get (res, "issuer");
272 if (0 == json_is_string (tmp))
273 {
274 GNUNET_free (cred);
275 return NULL;
276 }
277
278 GNUNET_CRYPTO_ecdsa_public_key_from_string (json_string_value(tmp),
279 strlen (json_string_value(tmp)),
280 &cred->issuer_key);
281 tmp = json_object_get (res, "subject");
282 if (0 == json_is_string (tmp))
283 {
284 GNUNET_free (cred);
285 return NULL;
286 }
287 GNUNET_CRYPTO_ecdsa_public_key_from_string (json_string_value(tmp),
288 strlen (json_string_value(tmp)),
289 &cred->subject_key);
290
291 tmp = json_object_get (res, "signature");
292 if (0 == json_is_string (tmp))
293 {
294 GNUNET_free (cred);
295 return NULL;
296 }
297 signature = json_string_value (tmp);
298 GNUNET_STRINGS_base64_decode (signature,
299 strlen (signature),
300 (char**)&sig);
301 GNUNET_memcpy (&cred->signature,
302 sig,
303 sizeof (struct GNUNET_CRYPTO_EcdsaSignature));
304 GNUNET_free (sig);
305
306 tmp = json_object_get (res, "expiration");
307 if (0 == json_is_integer (tmp))
308 {
309 GNUNET_free (cred);
310 return NULL;
311 }
312 cred->expiration.abs_value_us = json_integer_value (tmp);
313 return cred;
314}
315
316
317/**
248 * Credential to JSON 318 * Credential to JSON
249 * @param cred the credential 319 * @param cred the credential
250 * @return the resulting json, NULL if failed 320 * @return the resulting json, NULL if failed
@@ -254,6 +324,7 @@ credential_to_json (struct GNUNET_CREDENTIAL_Credential *cred)
254{ 324{
255 char *issuer; 325 char *issuer;
256 char *subject; 326 char *subject;
327 char *signature;
257 char attribute[cred->issuer_attribute_len + 1]; 328 char attribute[cred->issuer_attribute_len + 1];
258 json_t *cred_obj; 329 json_t *cred_obj;
259 330
@@ -272,6 +343,9 @@ credential_to_json (struct GNUNET_CREDENTIAL_Credential *cred)
272 GNUNET_free (issuer); 343 GNUNET_free (issuer);
273 return NULL; 344 return NULL;
274 } 345 }
346 GNUNET_STRINGS_base64_encode ((char*)&cred->signature,
347 sizeof (struct GNUNET_CRYPTO_EcdsaSignature),
348 &signature);
275 memcpy (attribute, 349 memcpy (attribute,
276 cred->issuer_attribute, 350 cred->issuer_attribute,
277 cred->issuer_attribute_len); 351 cred->issuer_attribute_len);
@@ -280,8 +354,11 @@ credential_to_json (struct GNUNET_CREDENTIAL_Credential *cred)
280 json_object_set_new (cred_obj, "issuer", json_string (issuer)); 354 json_object_set_new (cred_obj, "issuer", json_string (issuer));
281 json_object_set_new (cred_obj, "subject", json_string (subject)); 355 json_object_set_new (cred_obj, "subject", json_string (subject));
282 json_object_set_new (cred_obj, "attribute", json_string (attribute)); 356 json_object_set_new (cred_obj, "attribute", json_string (attribute));
357 json_object_set_new (cred_obj, "signature", json_string (signature));
358 json_object_set_new (cred_obj, "expiration", json_integer (cred->expiration.abs_value_us));
283 GNUNET_free (issuer); 359 GNUNET_free (issuer);
284 GNUNET_free (subject); 360 GNUNET_free (subject);
361 GNUNET_free (signature);
285 return cred_obj; 362 return cred_obj;
286} 363}
287 364
@@ -377,8 +454,17 @@ verify_cred_cont (struct GNUNET_REST_RequestHandle *conndata_handle,
377{ 454{
378 struct RequestHandle *handle = cls; 455 struct RequestHandle *handle = cls;
379 struct GNUNET_HashCode key; 456 struct GNUNET_HashCode key;
457 struct GNUNET_JSONAPI_Document *json_obj;
458 struct GNUNET_JSONAPI_Resource *res;
459 struct GNUNET_CREDENTIAL_Credential *cred;
380 char *tmp; 460 char *tmp;
381 char *entity_attr; 461 char *entity_attr;
462 int i;
463 uint32_t credential_count;
464 uint32_t resource_count;
465 json_t *cred_json;
466 json_t *data_js;
467 json_error_t err;
382 468
383 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 469 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
384 "Connecting...\n"); 470 "Connecting...\n");
@@ -456,8 +542,6 @@ verify_cred_cont (struct GNUNET_REST_RequestHandle *conndata_handle,
456 } 542 }
457 tmp = GNUNET_CONTAINER_multihashmap_get (conndata_handle->url_param_map, 543 tmp = GNUNET_CONTAINER_multihashmap_get (conndata_handle->url_param_map,
458 &key); 544 &key);
459 entity_attr = GNUNET_strdup (tmp);
460 tmp = strtok(entity_attr, ".");
461 if (NULL == tmp) 545 if (NULL == tmp)
462 { 546 {
463 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, 547 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
@@ -476,26 +560,74 @@ verify_cred_cont (struct GNUNET_REST_RequestHandle *conndata_handle,
476 GNUNET_SCHEDULER_add_now (&do_error, handle); 560 GNUNET_SCHEDULER_add_now (&do_error, handle);
477 return; 561 return;
478 } 562 }
479 tmp = strtok (NULL, "."); 563 GNUNET_free (entity_attr);
480 if (NULL == tmp) 564
565 if (0 >= handle->rest_handle->data_size)
481 { 566 {
482 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, 567 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
483 "Malformed subject attribute\n"); 568 "Missing credentials\n");
484 GNUNET_free (entity_attr); 569 GNUNET_SCHEDULER_add_now (&do_error, handle);
485 GNUNET_SCHEDULER_add_now (&do_error, handle);
486 return; 570 return;
487 } 571 }
488 handle->subject_attr = GNUNET_strdup (tmp); 572
489 GNUNET_free (entity_attr); 573 struct GNUNET_JSON_Specification docspec[] = {
574 GNUNET_JSON_spec_jsonapi_document (&json_obj),
575 GNUNET_JSON_spec_end()
576 };
577 char term_data[handle->rest_handle->data_size+1];
578 term_data[handle->rest_handle->data_size] = '\0';
579 credential_count = 0;
580 GNUNET_memcpy (term_data,
581 handle->rest_handle->data,
582 handle->rest_handle->data_size);
583 data_js = json_loads (term_data,
584 JSON_DECODE_ANY,
585 &err);
586 GNUNET_assert (GNUNET_OK == GNUNET_JSON_parse (data_js, docspec,
587 NULL, NULL));
588 json_decref (data_js);
589 if (NULL == json_obj)
590 {
591 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
592 "Unable to parse JSONAPI Object from %s\n",
593 term_data);
594 GNUNET_SCHEDULER_add_now (&do_error, handle);
595 return;
596 }
597
598 resource_count = GNUNET_JSONAPI_document_resource_count(json_obj);
599 struct GNUNET_CREDENTIAL_Credential credentials[credential_count];
600 for (i=0;i<resource_count;i++)
601 {
602 res = (GNUNET_JSONAPI_document_get_resource(json_obj, i));
603 if (GNUNET_NO == GNUNET_JSONAPI_resource_check_type(res,
604 GNUNET_REST_JSONAPI_CREDENTIAL_TYPEINFO))
605 {
606 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
607 "Resource not a credential!\n");
608 continue;
609 }
610 credential_count++;
611 cred_json = GNUNET_JSONAPI_resource_read_attr (res,
612 GNUNET_REST_JSONAPI_CREDENTIAL);
613 cred = json_to_credential (cred_json);
614 GNUNET_memcpy (&credentials[i],
615 cred,
616 sizeof (struct GNUNET_CREDENTIAL_Credential));
617 credentials[i].issuer_attribute = GNUNET_strdup (cred->issuer_attribute);
618 GNUNET_free (cred);
619 }
490 620
491 handle->verify_request = GNUNET_CREDENTIAL_verify (handle->credential, 621 handle->verify_request = GNUNET_CREDENTIAL_verify (handle->credential,
492 &handle->issuer_key, 622 &handle->issuer_key,
493 handle->issuer_attr, 623 handle->issuer_attr,
494 &handle->subject_key, 624 &handle->subject_key,
495 0, 625 credential_count,
496 NULL,//TODOhandle->subject_attr, 626 credentials,
497 &handle_verify_response, 627 &handle_verify_response,
498 handle); 628 handle);
629 for (i=0;i<credential_count;i++)
630 GNUNET_free ((char*)credentials[i].issuer_attribute);
499 631
500} 632}
501 633