Diffstat (limited to 'src/identity-provider/gnunet-service-identity-provider.c')
-rw-r--r--src/identity-provider/gnunet-service-identity-provider.c73
1 files changed, 58 insertions, 15 deletions
diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c
index 207923d5e..a518d00ae 100644
--- a/src/identity-provider/gnunet-service-identity-provider.c
+++ b/src/identity-provider/gnunet-service-identity-provider.c
@@ -364,6 +364,11 @@ struct AttributeStoreHandle
364 struct GNUNET_IDENTITY_ATTRIBUTE_Claim *claim; 364 struct GNUNET_IDENTITY_ATTRIBUTE_Claim *claim;
365 365
366 /** 366 /**
367 * The attribute expiration interval
368 */
369 struct GNUNET_TIME_Relative exp;
370
371 /**
367 * request id 372 * request id
368 */ 373 */
369 uint32_t r_id; 374 uint32_t r_id;
@@ -1308,12 +1313,29 @@ revocation_reissue_tickets (struct TicketRevocationHandle *rh)
1308} 1313}
1309 1314
1310/** 1315/**
1311 * Revoke next attribte by reencryption with 1316 * Failed to check for attribute
1312 * new ABE master
1313 */ 1317 */
1314static void 1318static void
1315reenc_next_attribute (struct TicketRevocationHandle *rh) 1319check_attr_error (void *cls)
1320{
1321 struct TicketRevocationHandle *rh = cls;
1322 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1323 "Unable to check for existing attribute\n");
1324 send_revocation_finished (rh, GNUNET_SYSERR);
1325 cleanup_revoke_ticket_handle (rh);
1326}
1327
1328/**
1329 * Check for existing attribute and overwrite
1330 */
1331static void
1332check_attr_cb (void *cls,
1333 const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
1334 const char *label,
1335 unsigned int rd_count,
1336 const struct GNUNET_GNSRECORD_Data *rd_old)
1316{ 1337{
1338 struct TicketRevocationHandle *rh = cls;
1317 struct GNUNET_GNSRECORD_Data rd[1]; 1339 struct GNUNET_GNSRECORD_Data rd[1];
1318 char* buf; 1340 char* buf;
1319 char* enc_buf; 1341 char* enc_buf;
@@ -1323,15 +1345,11 @@ reenc_next_attribute (struct TicketRevocationHandle *rh)
1323 char* policy; 1345 char* policy;
1324 uint32_t attr_ver; 1346 uint32_t attr_ver;
1325 1347
1326 if (NULL == rh->attrs->list_head) 1348
1327 {
1328 revocation_reissue_tickets (rh);
1329 return;
1330 }
1331 buf_size = GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (rh->attrs->list_head->claim); 1349 buf_size = GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (rh->attrs->list_head->claim);
1332 buf = GNUNET_malloc (buf_size); 1350 buf = GNUNET_malloc (buf_size);
1333 GNUNET_IDENTITY_ATTRIBUTE_serialize (rh->attrs->list_head->claim, 1351 GNUNET_IDENTITY_ATTRIBUTE_serialize (rh->attrs->list_head->claim,
1334 buf); 1352 buf);
1335 rh->attrs->list_head->claim->version++; 1353 rh->attrs->list_head->claim->version++;
1336 GNUNET_asprintf (&policy, "%s_%lu", 1354 GNUNET_asprintf (&policy, "%s_%lu",
1337 rh->attrs->list_head->claim->name, 1355 rh->attrs->list_head->claim->name,
@@ -1342,10 +1360,10 @@ reenc_next_attribute (struct TicketRevocationHandle *rh)
1342 * Encrypt the attribute value and store in namestore 1360 * Encrypt the attribute value and store in namestore
1343 */ 1361 */
1344 enc_size = GNUNET_ABE_cpabe_encrypt (buf, 1362 enc_size = GNUNET_ABE_cpabe_encrypt (buf,
1345 buf_size, 1363 buf_size,
1346 policy, //Policy 1364 policy, //Policy
1347 rh->abe_key, 1365 rh->abe_key,
1348 (void**)&enc_buf); 1366 (void**)&enc_buf);
1349 GNUNET_free (buf); 1367 GNUNET_free (buf);
1350 if (GNUNET_SYSERR == enc_size) 1368 if (GNUNET_SYSERR == enc_size)
1351 { 1369 {
@@ -1371,7 +1389,7 @@ reenc_next_attribute (struct TicketRevocationHandle *rh)
1371 rd[0].data = rd_buf; 1389 rd[0].data = rd_buf;
1372 rd[0].record_type = GNUNET_GNSRECORD_TYPE_ID_ATTR; 1390 rd[0].record_type = GNUNET_GNSRECORD_TYPE_ID_ATTR;
1373 rd[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION; 1391 rd[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION;
1374 rd[0].expiration_time = GNUNET_TIME_UNIT_HOURS.rel_value_us; //TODO sane? 1392 rd[0].expiration_time = rd_old[0].expiration_time;
1375 rh->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle, 1393 rh->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle,
1376 &rh->identity, 1394 &rh->identity,
1377 rh->attrs->list_head->claim->name, 1395 rh->attrs->list_head->claim->name,
@@ -1383,6 +1401,30 @@ reenc_next_attribute (struct TicketRevocationHandle *rh)
1383 GNUNET_free (rd_buf); 1401 GNUNET_free (rd_buf);
1384} 1402}
1385 1403
1404
1405/**
1406 * Revoke next attribte by reencryption with
1407 * new ABE master
1408 */
1409static void
1410reenc_next_attribute (struct TicketRevocationHandle *rh)
1411{
1412 if (NULL == rh->attrs->list_head)
1413 {
1414 revocation_reissue_tickets (rh);
1415 return;
1416 }
1417 /* First check if attribute still exists */
1418 rh->ns_qe = GNUNET_NAMESTORE_records_lookup (ns_handle,
1419 &rh->identity,
1420 rh->attrs->list_head->claim->name,
1421 &check_attr_error,
1422 rh,
1423 &check_attr_cb,
1424 rh);
1425}
1426
1427
1386/** 1428/**
1387 * Namestore callback after revoked attribute 1429 * Namestore callback after revoked attribute
1388 * is stored 1430 * is stored
@@ -1878,7 +1920,7 @@ attr_store_task (void *cls)
1878 rd[0].data = rd_buf; 1920 rd[0].data = rd_buf;
1879 rd[0].record_type = GNUNET_GNSRECORD_TYPE_ID_ATTR; 1921 rd[0].record_type = GNUNET_GNSRECORD_TYPE_ID_ATTR;
1880 rd[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION; 1922 rd[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION;
1881 rd[0].expiration_time = GNUNET_TIME_UNIT_HOURS.rel_value_us; //TODO sane? 1923 rd[0].expiration_time = as_handle->exp.rel_value_us;
1882 as_handle->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle, 1924 as_handle->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle,
1883 &as_handle->identity, 1925 &as_handle->identity,
1884 as_handle->claim->name, 1926 as_handle->claim->name,
@@ -1936,6 +1978,7 @@ handle_attribute_store_message (void *cls,
1936 1978
1937 as_handle->r_id = ntohl (sam->id); 1979 as_handle->r_id = ntohl (sam->id);
1938 as_handle->identity = sam->identity; 1980 as_handle->identity = sam->identity;
1981 as_handle->exp.rel_value_us = GNUNET_ntohll (sam->exp);
1939 GNUNET_CRYPTO_ecdsa_key_get_public (&sam->identity, 1982 GNUNET_CRYPTO_ecdsa_key_get_public (&sam->identity,
1940 &as_handle->identity_pkey); 1983 &as_handle->identity_pkey);
1941 1984
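Review bot: In check_attr_cb the new assignment `rd[0].expiration_time = rd_old[0].expiration_time;` (new line 1392) reads `rd_old[0]` without ever consulting `rd_count`, so if the namestore reports a missing label with zero records this indexes an empty, possibly NULL, array. The comment in reenc_next_attribute says the lookup is there to check that the attribute still exists, yet the callback re-encrypts and stores unconditionally, which would also re-create an attribute that was deleted in the meantime. A guard at the top of the callback, before `claim->version++`, would cover both: `if ((0 == rd_count) || (NULL == rd_old)) { check_attr_error (rh); return; }`, or skip to the next attribute instead of failing the whole revocation if the list-advance code, which is outside these hunks, allows it. It may also be worth confirming that `rd_old[0].record_type` is `GNUNET_GNSRECORD_TYPE_ID_ATTR` before inheriting its expiration, since only the first record under the label is inspected.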