diff options
Diffstat (limited to 'src/credential')
-rw-r--r-- | src/credential/gnunet-service-credential.c | 19 | ||||
-rw-r--r-- | src/credential/plugin_rest_credential.c | 154 |
2 files changed, 153 insertions, 20 deletions
diff --git a/src/credential/gnunet-service-credential.c b/src/credential/gnunet-service-credential.c index 4841370b3..ec89da323 100644 --- a/src/credential/gnunet-service-credential.c +++ b/src/credential/gnunet-service-credential.c | |||
@@ -880,19 +880,22 @@ static void | |||
880 | handle_verify (void *cls, | 880 | handle_verify (void *cls, |
881 | const struct VerifyMessage *v_msg) | 881 | const struct VerifyMessage *v_msg) |
882 | { | 882 | { |
883 | char attr[GNUNET_CREDENTIAL_MAX_LENGTH + 1]; | ||
884 | char issuer_attribute[GNUNET_CREDENTIAL_MAX_LENGTH + 1]; | ||
885 | struct VerifyRequestHandle *vrh; | 883 | struct VerifyRequestHandle *vrh; |
886 | struct GNUNET_SERVICE_Client *client = cls; | 884 | struct GNUNET_SERVICE_Client *client = cls; |
885 | struct CredentialRecordEntry *cr_entry; | ||
886 | uint32_t credentials_count; | ||
887 | uint32_t credential_data_size; | ||
888 | int i; | ||
889 | char attr[GNUNET_CREDENTIAL_MAX_LENGTH + 1]; | ||
890 | char issuer_attribute[GNUNET_CREDENTIAL_MAX_LENGTH + 1]; | ||
887 | char *attrptr = attr; | 891 | char *attrptr = attr; |
892 | char *credential_data; | ||
888 | const char *utf_in; | 893 | const char *utf_in; |
889 | 894 | ||
890 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 895 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
891 | "Received VERIFY message\n"); | 896 | "Received VERIFY message\n"); |
892 | |||
893 | utf_in = (const char *) &v_msg[1]; | 897 | utf_in = (const char *) &v_msg[1]; |
894 | GNUNET_STRINGS_utf8_tolower (utf_in, attrptr); | 898 | GNUNET_STRINGS_utf8_tolower (utf_in, attrptr); |
895 | |||
896 | GNUNET_memcpy (issuer_attribute, attr, ntohs (v_msg->issuer_attribute_len)); | 899 | GNUNET_memcpy (issuer_attribute, attr, ntohs (v_msg->issuer_attribute_len)); |
897 | issuer_attribute[ntohs (v_msg->issuer_attribute_len)] = '\0'; | 900 | issuer_attribute[ntohs (v_msg->issuer_attribute_len)] = '\0'; |
898 | vrh = GNUNET_new (struct VerifyRequestHandle); | 901 | vrh = GNUNET_new (struct VerifyRequestHandle); |
@@ -913,15 +916,13 @@ handle_verify (void *cls, | |||
913 | * First, collect credentials | 916 | * First, collect credentials |
914 | * TODO: cleanup! | 917 | * TODO: cleanup! |
915 | */ | 918 | */ |
916 | uint32_t credentials_count = ntohl(v_msg->c_count); | 919 | credentials_count = ntohl(v_msg->c_count); |
917 | int i; | 920 | credential_data_size = ntohs (v_msg->header.size) |
918 | uint32_t credential_data_size = ntohs (v_msg->header.size) | ||
919 | - sizeof (struct VerifyMessage) | 921 | - sizeof (struct VerifyMessage) |
920 | - ntohs (v_msg->issuer_attribute_len) | 922 | - ntohs (v_msg->issuer_attribute_len) |
921 | - 1; | 923 | - 1; |
922 | struct GNUNET_CREDENTIAL_Credential credentials[credentials_count]; | 924 | struct GNUNET_CREDENTIAL_Credential credentials[credentials_count]; |
923 | char *credential_data = (char*)&v_msg[1] + ntohs (v_msg->issuer_attribute_len) + 1; | 925 | credential_data = (char*)&v_msg[1] + ntohs (v_msg->issuer_attribute_len) + 1; |
924 | struct CredentialRecordEntry *cr_entry; | ||
925 | if (GNUNET_OK != GNUNET_CREDENTIAL_credentials_deserialize (credential_data_size, | 926 | if (GNUNET_OK != GNUNET_CREDENTIAL_credentials_deserialize (credential_data_size, |
926 | credential_data, | 927 | credential_data, |
927 | credentials_count, | 928 | credentials_count, |
diff --git a/src/credential/plugin_rest_credential.c b/src/credential/plugin_rest_credential.c index f13e26cd4..0d469f5de 100644 --- a/src/credential/plugin_rest_credential.c +++ b/src/credential/plugin_rest_credential.c | |||
@@ -245,6 +245,76 @@ attribute_delegation_to_json (struct GNUNET_CREDENTIAL_Delegation *delegation_ch | |||
245 | } | 245 | } |
246 | 246 | ||
247 | /** | 247 | /** |
248 | * JSONAPI resource to Credential | ||
249 | * @param res the JSONAPI resource | ||
250 | * @return the resulting credential, NULL if failed | ||
251 | */ | ||
252 | static struct GNUNET_CREDENTIAL_Credential* | ||
253 | json_to_credential (json_t *res) | ||
254 | { | ||
255 | struct GNUNET_CREDENTIAL_Credential *cred; | ||
256 | json_t *tmp; | ||
257 | const char *attribute; | ||
258 | const char *signature; | ||
259 | char *sig; | ||
260 | |||
261 | tmp = json_object_get (res, "attribute"); | ||
262 | if (0 == json_is_string (tmp)) | ||
263 | { | ||
264 | return NULL; | ||
265 | } | ||
266 | attribute = json_string_value (tmp); | ||
267 | cred = GNUNET_malloc (sizeof (struct GNUNET_CREDENTIAL_Credential) | ||
268 | + strlen (attribute)); | ||
269 | cred->issuer_attribute = attribute; | ||
270 | cred->issuer_attribute_len = strlen (attribute); | ||
271 | tmp = json_object_get (res, "issuer"); | ||
272 | if (0 == json_is_string (tmp)) | ||
273 | { | ||
274 | GNUNET_free (cred); | ||
275 | return NULL; | ||
276 | } | ||
277 | |||
278 | GNUNET_CRYPTO_ecdsa_public_key_from_string (json_string_value(tmp), | ||
279 | strlen (json_string_value(tmp)), | ||
280 | &cred->issuer_key); | ||
281 | tmp = json_object_get (res, "subject"); | ||
282 | if (0 == json_is_string (tmp)) | ||
283 | { | ||
284 | GNUNET_free (cred); | ||
285 | return NULL; | ||
286 | } | ||
287 | GNUNET_CRYPTO_ecdsa_public_key_from_string (json_string_value(tmp), | ||
288 | strlen (json_string_value(tmp)), | ||
289 | &cred->subject_key); | ||
290 | |||
291 | tmp = json_object_get (res, "signature"); | ||
292 | if (0 == json_is_string (tmp)) | ||
293 | { | ||
294 | GNUNET_free (cred); | ||
295 | return NULL; | ||
296 | } | ||
297 | signature = json_string_value (tmp); | ||
298 | GNUNET_STRINGS_base64_decode (signature, | ||
299 | strlen (signature), | ||
300 | (char**)&sig); | ||
301 | GNUNET_memcpy (&cred->signature, | ||
302 | sig, | ||
303 | sizeof (struct GNUNET_CRYPTO_EcdsaSignature)); | ||
304 | GNUNET_free (sig); | ||
305 | |||
306 | tmp = json_object_get (res, "expiration"); | ||
307 | if (0 == json_is_integer (tmp)) | ||
308 | { | ||
309 | GNUNET_free (cred); | ||
310 | return NULL; | ||
311 | } | ||
312 | cred->expiration.abs_value_us = json_integer_value (tmp); | ||
313 | return cred; | ||
314 | } | ||
315 | |||
316 | |||
317 | /** | ||
248 | * Credential to JSON | 318 | * Credential to JSON |
249 | * @param cred the credential | 319 | * @param cred the credential |
250 | * @return the resulting json, NULL if failed | 320 | * @return the resulting json, NULL if failed |
@@ -254,6 +324,7 @@ credential_to_json (struct GNUNET_CREDENTIAL_Credential *cred) | |||
254 | { | 324 | { |
255 | char *issuer; | 325 | char *issuer; |
256 | char *subject; | 326 | char *subject; |
327 | char *signature; | ||
257 | char attribute[cred->issuer_attribute_len + 1]; | 328 | char attribute[cred->issuer_attribute_len + 1]; |
258 | json_t *cred_obj; | 329 | json_t *cred_obj; |
259 | 330 | ||
@@ -272,6 +343,9 @@ credential_to_json (struct GNUNET_CREDENTIAL_Credential *cred) | |||
272 | GNUNET_free (issuer); | 343 | GNUNET_free (issuer); |
273 | return NULL; | 344 | return NULL; |
274 | } | 345 | } |
346 | GNUNET_STRINGS_base64_encode ((char*)&cred->signature, | ||
347 | sizeof (struct GNUNET_CRYPTO_EcdsaSignature), | ||
348 | &signature); | ||
275 | memcpy (attribute, | 349 | memcpy (attribute, |
276 | cred->issuer_attribute, | 350 | cred->issuer_attribute, |
277 | cred->issuer_attribute_len); | 351 | cred->issuer_attribute_len); |
@@ -280,8 +354,11 @@ credential_to_json (struct GNUNET_CREDENTIAL_Credential *cred) | |||
280 | json_object_set_new (cred_obj, "issuer", json_string (issuer)); | 354 | json_object_set_new (cred_obj, "issuer", json_string (issuer)); |
281 | json_object_set_new (cred_obj, "subject", json_string (subject)); | 355 | json_object_set_new (cred_obj, "subject", json_string (subject)); |
282 | json_object_set_new (cred_obj, "attribute", json_string (attribute)); | 356 | json_object_set_new (cred_obj, "attribute", json_string (attribute)); |
357 | json_object_set_new (cred_obj, "signature", json_string (signature)); | ||
358 | json_object_set_new (cred_obj, "expiration", json_integer (cred->expiration.abs_value_us)); | ||
283 | GNUNET_free (issuer); | 359 | GNUNET_free (issuer); |
284 | GNUNET_free (subject); | 360 | GNUNET_free (subject); |
361 | GNUNET_free (signature); | ||
285 | return cred_obj; | 362 | return cred_obj; |
286 | } | 363 | } |
287 | 364 | ||
@@ -377,8 +454,17 @@ verify_cred_cont (struct GNUNET_REST_RequestHandle *conndata_handle, | |||
377 | { | 454 | { |
378 | struct RequestHandle *handle = cls; | 455 | struct RequestHandle *handle = cls; |
379 | struct GNUNET_HashCode key; | 456 | struct GNUNET_HashCode key; |
457 | struct GNUNET_JSONAPI_Document *json_obj; | ||
458 | struct GNUNET_JSONAPI_Resource *res; | ||
459 | struct GNUNET_CREDENTIAL_Credential *cred; | ||
380 | char *tmp; | 460 | char *tmp; |
381 | char *entity_attr; | 461 | char *entity_attr; |
462 | int i; | ||
463 | uint32_t credential_count; | ||
464 | uint32_t resource_count; | ||
465 | json_t *cred_json; | ||
466 | json_t *data_js; | ||
467 | json_error_t err; | ||
382 | 468 | ||
383 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 469 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
384 | "Connecting...\n"); | 470 | "Connecting...\n"); |
@@ -456,8 +542,6 @@ verify_cred_cont (struct GNUNET_REST_RequestHandle *conndata_handle, | |||
456 | } | 542 | } |
457 | tmp = GNUNET_CONTAINER_multihashmap_get (conndata_handle->url_param_map, | 543 | tmp = GNUNET_CONTAINER_multihashmap_get (conndata_handle->url_param_map, |
458 | &key); | 544 | &key); |
459 | entity_attr = GNUNET_strdup (tmp); | ||
460 | tmp = strtok(entity_attr, "."); | ||
461 | if (NULL == tmp) | 545 | if (NULL == tmp) |
462 | { | 546 | { |
463 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 547 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
@@ -476,26 +560,74 @@ verify_cred_cont (struct GNUNET_REST_RequestHandle *conndata_handle, | |||
476 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 560 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
477 | return; | 561 | return; |
478 | } | 562 | } |
479 | tmp = strtok (NULL, "."); | 563 | GNUNET_free (entity_attr); |
480 | if (NULL == tmp) | 564 | |
565 | if (0 >= handle->rest_handle->data_size) | ||
481 | { | 566 | { |
482 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 567 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
483 | "Malformed subject attribute\n"); | 568 | "Missing credentials\n"); |
484 | GNUNET_free (entity_attr); | 569 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
485 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
486 | return; | 570 | return; |
487 | } | 571 | } |
488 | handle->subject_attr = GNUNET_strdup (tmp); | 572 | |
489 | GNUNET_free (entity_attr); | 573 | struct GNUNET_JSON_Specification docspec[] = { |
574 | GNUNET_JSON_spec_jsonapi_document (&json_obj), | ||
575 | GNUNET_JSON_spec_end() | ||
576 | }; | ||
577 | char term_data[handle->rest_handle->data_size+1]; | ||
578 | term_data[handle->rest_handle->data_size] = '\0'; | ||
579 | credential_count = 0; | ||
580 | GNUNET_memcpy (term_data, | ||
581 | handle->rest_handle->data, | ||
582 | handle->rest_handle->data_size); | ||
583 | data_js = json_loads (term_data, | ||
584 | JSON_DECODE_ANY, | ||
585 | &err); | ||
586 | GNUNET_assert (GNUNET_OK == GNUNET_JSON_parse (data_js, docspec, | ||
587 | NULL, NULL)); | ||
588 | json_decref (data_js); | ||
589 | if (NULL == json_obj) | ||
590 | { | ||
591 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
592 | "Unable to parse JSONAPI Object from %s\n", | ||
593 | term_data); | ||
594 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
595 | return; | ||
596 | } | ||
597 | |||
598 | resource_count = GNUNET_JSONAPI_document_resource_count(json_obj); | ||
599 | struct GNUNET_CREDENTIAL_Credential credentials[credential_count]; | ||
600 | for (i=0;i<resource_count;i++) | ||
601 | { | ||
602 | res = (GNUNET_JSONAPI_document_get_resource(json_obj, i)); | ||
603 | if (GNUNET_NO == GNUNET_JSONAPI_resource_check_type(res, | ||
604 | GNUNET_REST_JSONAPI_CREDENTIAL_TYPEINFO)) | ||
605 | { | ||
606 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
607 | "Resource not a credential!\n"); | ||
608 | continue; | ||
609 | } | ||
610 | credential_count++; | ||
611 | cred_json = GNUNET_JSONAPI_resource_read_attr (res, | ||
612 | GNUNET_REST_JSONAPI_CREDENTIAL); | ||
613 | cred = json_to_credential (cred_json); | ||
614 | GNUNET_memcpy (&credentials[i], | ||
615 | cred, | ||
616 | sizeof (struct GNUNET_CREDENTIAL_Credential)); | ||
617 | credentials[i].issuer_attribute = GNUNET_strdup (cred->issuer_attribute); | ||
618 | GNUNET_free (cred); | ||
619 | } | ||
490 | 620 | ||
491 | handle->verify_request = GNUNET_CREDENTIAL_verify (handle->credential, | 621 | handle->verify_request = GNUNET_CREDENTIAL_verify (handle->credential, |
492 | &handle->issuer_key, | 622 | &handle->issuer_key, |
493 | handle->issuer_attr, | 623 | handle->issuer_attr, |
494 | &handle->subject_key, | 624 | &handle->subject_key, |
495 | 0, | 625 | credential_count, |
496 | NULL,//TODOhandle->subject_attr, | 626 | credentials, |
497 | &handle_verify_response, | 627 | &handle_verify_response, |
498 | handle); | 628 | handle); |
629 | for (i=0;i<credential_count;i++) | ||
630 | GNUNET_free ((char*)credentials[i].issuer_attribute); | ||
499 | 631 | ||
500 | } | 632 | } |
501 | 633 | ||